Since our founding in 2009, i360 has prioritized data security. Implementing safety measures like encryption, two-factor authentication, firewalls, intrusion detection and penetration testing, we've long been committed to eliminating vulnerabilities and ensuring our clients' data is secure.
i360 has maintained SOC-2 certification for a number of years. Submitting to this continuous evaluation by outside auditors is typically only done by major ecommerce companies that handle PII and credit data, but we felt our data should meet the same standard.
i360 undergoes intensive audits conducted by certified auditors during which our systems and security controls are evaluated and tested for compliance with the trust principle of security as defined by the AICPA.
The review is exhaustive and comprehensive, examining everything from technical infrastructure and controls to HR protocols, policies and personnel management to physical security including badge entry, visitor protocol and video monitoring to uncover any potential vulnerabilities.
INDUSTRY BEST PRACTICES
To ensure our data is protected against attacks like SQL injection, cross site scripting XXS, DDoS and brute force, our technical team employs a range of best practices including:
- Employing a reverse proxy
- Web application firewalls
- Redundant, distributed systems
- Minimal surface area
- Strong encryption, no weak ciphers
- ML powered incident detection
- And more
For extra protection, we conduct regular internal vulnerability scans and external black box and gray box testing and use multiple penetration testers to ensure we've covered all types of attacks.
While many of the security procedures and controls required to qualify as compliant are time-intensive and expensive to implement and maintain, we believe they are critical and will do whatever it takes to keep your data safe.