Contact ITInvolve
x 


ITinvolve Security

At ITinvolve, there is no higher priority than the privacy and security of our customers’ data. Protecting the privacy of our customers’ data is integral to our mission of earning and maintaining the trust of each of our customers. We seek to lead the industry as a trusted repository for customer data through a world-class privacy program and provide a secure infrastructure that  enables our customers to comply with global privacy and data protection regulations.

Because ITinvolve’s products are built on Salesforce.com’s Salesforce1 platform, we are able to leverage their multi-layered approach to protecting key information to meet and exceed our customer’s security requirements.

Security and privacy audits and achievements:

 
   
 

Secure data centers

Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:

Access control and physical security

  • 24-hour manned security, including foot patrols and perimeter inspections
  • Biometric scanning for access
  • Dedicated concrete-walled Data Center rooms
  • Computing equipment in access-controlled steel cages
  • Video surveillance throughout facility and perimeter
  • Building engineered for local seismic, storm, and flood risks
  • Tracking of asset removal

Environmental controls

  • Humidity and temperature control
  • Redundant (N+1) cooling system

Power

  • Underground utility power feed
  • Redundant (N+1) CPS/UPS systems
  • Redundant power distribution units (PDUs)
  • Redundant (N+1) diesel generators with on-site diesel fuel storage

Network

  • Concrete vaults for fiber entry
  • Redundant internal networks
  • Network neutral; connects to all major carriers and located near major Internet hubs
  • High bandwidth capacity

Fire detection and suppression

  • VESDA (very early smoke detection apparatus)
  • Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression

Secure transmission and sessions

  • Connection to the Force.com environment is via SSL 3.0/TLS 1.0, using global step-up certificates from Verisign, ensuring that our users have a secure connection from their browsers to our service
  • Individual user sessions are identified and re-verified with each transaction, using a unique token created at login

Network protection

  • Perimeter firewalls and edge routers block unused protocols
  • Internal firewalls segregate traffic between the application and database tiers
  • Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
  • A third-party service provider continuously scans the network externally and alerts changes in baseline configuration

Disaster Recovery

  • The Force.com service performs real-time replication to disk at each data center, and near real-time data replication between the production data center and the disaster recovery center
  • Data are transmitted across encrypted links.
  • Disaster recovery tests verify our projected recovery times and the integrity of the customer data

Backups

  • All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups
  • The backups are cloned over secure links to a secure tape archive
  • Tapes are not transported offsite and are securely destroyed when retired

Internal and Third-party testing and assessments

Salesforce.com tests all Force.com code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly:

  • Application vulnerability threat assessments
  • Network vulnerability threat assessments
  • Selected penetration testing and code review
  • Security control framework review and testing

Security Monitoring

Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.