Data Security: Organizational and technical measures
Data Segregation and Retention
Intenseye’s system ties each user’s ID with exactly one tenant, which is then used to access the Intenseye Service. All the objects are tenant-based so every time a new object is created it is irrevocably linked to the user’s tenant. The Intenseye system manages these links automatically and restricts access to every object based on user ID, user role, and permissions and their respective tenant. When a user requests any sort of data, the system automatically applies a tenancy filter to ensure that it retrieves only information corresponding to the user’s tenant.
Encryption in-transit and at-rest
Intenseye encrypts every attribute of customer data within the application before it is stored in our database. Intenseye relies on the Advanced Encryption Standard algorithm with a key size of 256 bits. User’s access Intenseye via the internet, protected by Transport Layer Security (TLS). This secures network traffic from passive eavesdropping, active tampering, and forgery of messages.
Regular third party penetration test
Vulnerability assessments and penetration testing of the Intenseye network infrastructure is also evaluated and conducted on a regular basis by both internal Intenseye resources and external third-party vendors.
Data Backups and Disaster Recovery
We have developed a Disaster Recovery Plan that covers emergency and non-emergency conditions to ensure that the company will be able to continue supporting its customers. Intenseye has defined a mature approach to ensure that its information and data are backed up securely and frequently and that its restoration occurs in the most timely and efficient manner possible.
Authentication and Authorization
Intenseye security access is role-based and supports SAML for single-sign-on (SSO). Intenseye allows customers to set up different authentication requirements for different user populations. Intenseye also enables users to select an authentication type in situations where organizations wish to use multiple authentication types for users due to geographical and/or organizational variances.
Training and Awareness
All employees within Intenseye are to undergo annual security awareness training initiatives to ensure they stay abreast of significant security issues that pose a credible threat to the organization as a whole, including, but not limited to, Intenseye’s network infrastructure and all supporting system resources. The training and awareness program is reviewed on at least an annual basis to ensure that it is effective for the organization’s current and future state.