To maintain and deliver high value Information Security Services to Corporations and Government entities, iZOOlogic monitors, discovers, identifies, analyses, stores and retains sensitive and high value data such as client end user data, accounts credentials, financial data, or may obtains company information that is relevant to the market such as trade secrets, pricing regimes and schedules or product developments or trade secrets or designs, business and technical information relating to a party’s products and associated technology and any documents.
iZOOlogic operates under practices and to the frameworks of ISO/IEC 27001 (International Organization for Standardization – www.iso.org) and AICPA, Trust Services Principles and Criteria (System and Organization Controls (“SOC”)) (www.aicpa.org). iZOOlogic’s information security practices establish and govern areas of security applicable to iZOOlogic and customers’ use of iZOOlogic services.
iZOOlogic employs appropriate technical and organizational security practices protect and handle customer data. These involve iZOOlogic infrastructure, software, employees and procedures and takes into account the nature, scope and purposes of the processing as specified in the Subscriber Agreement. The security controls and practices are designed and intended to protect the confidentiality, integrity, and availability of customer data against the risks inherent in the processing of personal, financial and sensitive data, in particular risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to customer data transmitted, stored or otherwise processed. iZOOlogic continually works to strengthen and improve those security controls and practices.
Under no circumstances will iZOOlogic disclose any data to any other party without express approval of the concerned parties and original owner.
iZOOlogic maintains a comprehensive information security program that contains industry standard technical and physical safeguards designed to prevent unauthorized access to the data.
iZOOlogic limits access to personal information to those persons and authorized service providers who have a specific business purpose for maintaining and processing such information. iZOOlogic employees who have been granted physical access to data are made aware of their responsibilities to protect the confidentiality, and integrity of that information and receive relevant training and instruction.
iZOOlogic personnel, including employees and contractors, are subject to these practices and any additional policies that govern their employment or the services they provide to iZOOlogic.
iZOOlogic adopts industry leading practices for information security management and implements a multi-layered strategy where physical security, network infrastructure, software, and employee security practices and procedures all play a key role reinforced by robust governance and oversight.
iZOOlogic operates in secure offices, where physical access is restricted and requires layers of biometric or card authorisation. The Leadenhall Building is one of the most secure and restricted corporate offices in the City of London.
iZOOlogic only hosts infrastructure in High Security Data Centres where physical entry is highly restricted. iZOOlogic regularly audits the range of Data Centres used to host the iZOOlogic platforms.”.
iZOOlogic Access and System Security policies ensure Network and Server Security is constantly monitored for intrusion and is harden against attack. iZOOlogic infrastructure is High Availability with a redundant architecture and is “always on”. Firewalls, perimeter security controls, VPNs, and access-controlling routers are in place and configured to iZOOlogic standards to prevent unauthorized communications. Network based intrusion detection systems are configured to detect attacks or suspicious behaviour, and vulnerability scans are performed to identify potential weakness to the security and confidentiality of systems and data. iZOOlogic may, depending on the specific service, apply the following controls: (i) authentication via passwords and/or multi-factor authentication; (ii) documented authorization and change management processes; and (iii) logging of access. Software supporting iZOOlogic’s infrastructure includes operating systems, databases and anti-virus software that is updated as needed. Internally-developed applications perform product delivery functions. In addition, iZOOlogic uses multiple backup/restore utilities to perform daily and periodic backups of production systems.
iZOOlogic’s access to its customers’ data is restricted to authorized personnel and access is granted after receiving proper approval from management. Only iZOOlogic employees with a need to know will be granted access to customer data for the sole purpose of providing customers with support. In addition, iZOOlogic provides a mechanism by which customers can control access to their environments and to their content by their authorized staff.
iZOOlogic implements measures to prevent customer data from being read, copied, altered or deleted by unauthorized parties during rest, transmission and transport. The iZOOlabs Incident Management portal is secured via https which provides a minimum of 128-bit encryption. The private key used to generate the cipher key is at least 2048 bits.
iZOOlogic propriety platform ensure client data is logically or physically segregated to ensure client data is siloed from all other data, including other client data.
iZOOlogic employees that may have access to customer data are subject to confidentiality agreements. iZOOlogic employees are required to periodically complete training that relates to Data Security.
iZOOlogic employs internal processes for regularly testing, assessing, evaluating and maintaining the effectiveness of the technical and organizational security measures described here. iZOOlogic employs independent third parties to conduct reviews and ensure compliance of the iZOOlogic Data Security Policy including the effectiveness of administrative and technical controls.