Your data is safe with us.
Igloo works inside and outside your firewall, so whether you’re using Igloo exclusively as an intranet, or you’ve extended permissions to clients and partners outside your company, your data remains secure. It’s hosted in a private cloud and content is delivered securely via the web browser.
Igloo’s enterprise-class security features are constantly monitored and tested. Our platform, processes, and networks regularly undergo independent security audits to ensure our high standards for security are met – and exceeded.
The General Data Protection Regulation (GDPR) is a new law that will provide greater data protection for individuals in the European Union (EU). If you’re thinking ahead to the EU GDPR, we are too. Igloo is committed to helping our customers comply with the upcoming legislature through our strong foundation of data governance and championing of privacy.
Identity and access management
Our access, authentication, and identity services ensure only authorized users enter your Igloo.
With Igloo, user authentication is simple. We support both Igloo’s native sign-in, and single sign-on (SSO) with SAML, so no additional login is required for access. And, Igloo never stores passwords in a readable format – credentials are always stored as a secure, salted hash.
Data loss and prevention
Your data belongs to you and we go to great lengths to protect it.
Igloo servers are hosted at SSAE 16 (SOC 1, SOC 2 Type II) and ISO 27001 compliant facilities. Our hosting environment encrypts your data using AES-256 and AES-256 FIPS 140-2 Level 3 to keep your data safe at rest. Plus, all connections to Igloo are secured via SSL/TLS, so you’re covered from every angle (Qualys SSL Labs even gives us an A+).
Igloo is SOC 2 Type II compliant as well, and subject to extensive and continuous third-party network vulnerability scans, intrusion detection monitoring, and penetration tests. Your data is mirrored locally within the data center and backed up regularly. Igloo also replicates to a disaster recovery location to ensure continuity and redundancy. And, we perform regular reviews to test for vulnerabilities inside the application.
Igloo is designed to make your life easier. As an IT admin, you have complete control of the content, applications, and structure of your community. You can set up restrictions system-wide, or control access by group, individual, and even by specific pieces of content. And, permissions cascade down so you don’t have to duplicate work with each new member.
Plus, if IT resources are tight, you can choose to delegate control over many elements of the platform, including content and membership management, and webmaster tasks. It’s easy to do, thanks to the drag-and-drop interface, and IT retains overall control, so there’s no permission issues or duplication.
Igloo and HIPAA
Igloo has taken every precaution to ensure it’s cloud hosting services are highly secure and in compliance with HIPAA requirements. Our fully managed hosting model enhances data privacy and security while providing access to information anytime, anywhere, and on any device. Since our secure cloud solution, offices, and staff adhere to HIPAA security standards, we will sign a Business Associates Agreement (BAA) with our customers to become joint custodians of protected health information (PHI).
Igloo Software is aware of the recently reported security vulnerabilities ‘Spectre’ and ‘Meltdown’ which have the potential to impact a wide range of microprocessors (CPUs). Exploitation of these vulnerabilities within the computer processors could allow an attacker to access information and data stored on that computer.
As is the case for many companies, Igloo’s infrastructure uses operating systems that are impacted by these vulnerabilities. Igloo is treating these vulnerabilities as a high priority and quickly applying patches and updates based on recommendations from the appropriate hardware and software vendors. Igloo will continue to monitor and provide updates as appropriate.