Igloo is hosted in the industry-leading Microsoft Azure cloud and offers the highest standards of compliance and security at all levels. From guaranteed uptime to regular third-party vulnerability testing to giving you full control of your data — we’ve got you covered.
Private Azure Cloud
We will host and run your intranet on a private Microsoft Azure cloud hosting infrastructure – the industry leader with 90+ compliance offerings. The facilities are SSAE 16 (SOC 1, SOC 2 Type II) and ISO 27001 compliant.
We offer a multi-tenant or single-tenant solution to meet your needs. And we can host your data in either Canada or the U.S. with a guaranteed uptime of 99.9%.
We provide all customers with a disaster recovery plan so that your critical data stays safe in the event a disaster strikes.
We provide complete data backups across redundant primary and secondary site servers with additional service options to meet your requirements.
The Igloo platform was designed for the cloud and leverages Microsoft stack, including the highly secure .net framework.
At rest, data is encrypted with (minimum) AES-256 (FIPS 140-2 compliance). In transit, all connections to Igloo are secured via SSL/TLS (Qualys SSL Labs gives us an A+).
The Igloo mobile application offers two options for methods of authentication: Igloo Authentication (including LDAP authentication happening behind the scenes) using login and password; and SAML authentication.
Igloo’s platform, processes, and networks regularly undergo third-party audits including vulnerability scans, intrusion detection monitoring, and penetration tests.
We apply an additional array of strategies to secure the environment and data, including:
- Firewall (Network Security Group)
- DDoS avoidance/prevention
- DNS private resolution
We’re committed to helping our customers comply with the General Data Protection Regulation (GDPR), a 2018 law that provides privacy protections for individuals in the European Union (EU).
For healthcare customers, Igloo’s secure cloud solution, offices, and staff adhere to HIPAA security standards, and we implement a Business Associate Agreement (BAA) with those customers for the provision services in respect of protected health information (PHI).
As a service provider under The California Consumer Privacy Act of 2018 (CCPA), Igloo facilitates customers who hold personal information of California consumers being able to fulfill their CCPA obligations in respect of that data.
Igloo’s platform enables customers who are subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian laws to comply with their privacy obligations under those laws.
Authentication & Member Management
Identity and access management
Native sign-in and single sign-on (SSO) with SAML means no additional login is required. And we never store passwords in a readable format.
Easy administration, with full control
IT, or whomever you assign ownership for your site, will retain overall control of the content, applications, and structure.
Built-in platform authentication
Igloo requires a specific username and password combination. You can manage users by adding members, performing bulk user imports, or sending invitations, which include CAPTCHA.
Igloo supports LDAP, Active Directory and identity service providers (IdP) like OKTA and OneLogin. It’s another way we make things simple — and secure.
Governance and Security Committees
We follow industry best practices for corporate governance, with an aim to meet or exceed regulatory requirements. Our multi-disciplinary teams regularly create, review, and update our internal security policies and procedures.
Employee background checks and NDAs
In addition to requiring employees to sign NDAs, we perform rigorous background checks of IT and development staff with access to production systems in our data center.
At Igloo, we ensure that every new feature is a secure feature. Our Software Development Lifecycle (SDLC) incorporates Microsoft SDL and OWASP recommendations to ensure an ever-improving software development process that prioritizes security.
Igloo’s incident response plan includes protocols for assessing the impact of a potential breach, steps for data backup and recovery, and notification to customers who may have been impacted.
Technical expertise to plan and deploy your digital workplace
We work with you to meet your specific technical requirements and configure your digital workplace environment with security always top of mind.