Intility Trust Center
A portal for information security and compliance
This Trust Center provides insight, transparency and information regarding our technical and organizational security initiatives and controls. Our customers can use it to support their own compliance requirements.
Intility's audit reports and other relevant documentation can be downloaded here: Compliance Document Center
Please do not hesitate to contact email@example.com if you have further questions or need more information.
Privacy and Data Protection
To safeguard the privacy of our customers, We continuously apply improvements to our information security management system. This is performed through risk assessments of our systems and infrastructure, evaluation of existing controls, documentation of data processing activities and audits of third-party providers.
All assurance documentation is comprised and made available to customers in the form of a comprehensive ISAE 3402 Type II attestation report.
Independent Security and Penetration Testing
Security and penetration testing is an integrated part of Intility’s platform service. Independent third parties perform continuous (monthly) security assessments and penetration tests. These tests are conducted by reputable cyber security firms, and supplements Intility’s own security monitoring and response capabilities.
Customers of Intility can also conduct tailored security assessments/penetrations tests specific to their own environments upon request.
To ensure service availability, Intility’s platform infrastructure is redundantly designed in all layers. Failover testing to ensure that the redundancy work as intended are performed regularly. In addition, response activities for different disaster scenarios are tested in simulated production environments on regular intervals.
Critical physical infrastructure such as power, cooling and firefighting mechanisms are maintained, tested and audited in accordance with contractual agreements. These control activities are audited as part of an annual ISAE 3402 Type II attestation report available to all customers.
A Complete Security Platform
Intility utilise several security technologies to protect the customer data residing on the Intility platform. This includes an extensive next-generation firewall service, URL filtering, Intrusion Protections Systems, DDoS-protection, enterprise backup & recovery and advanced security monitoring tools. Our data centers are ISO 27001, ISO 14001 and ISO 9001 certified.
Acting as an additional security layer, Mnemonic Argus Managed Defence is an integrated part of Intility’s cyber defence mechanisms. Argus Managed Defence is a security monitoring and response service delivered by Mnemonic, designed to identify and respond to advanced cyber security threats. This is accomplished through 24/7-data traffic monitoring in real-time.
Argus Managed Defence is included as a service for all customers.
Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organisation dedicated to defining and raising best practices to help ensure a secure cloud computing environment. Intility was the first Norwegian corporate member of this alliance, which harnesses the subject matter expertise of industry practitioners, associations, governments, and businesses. Other corporate members of the Alliance include Microsoft, Google, Hewlett Packard, Cisco, IBM and Amazon Web Services as well as audit and security organisations such as ISACA, (ISC)², PwC, Deloitte, KPMG and Ernst & Young.
The Alliance has developed Cloud Controls Matrix (CCM), which is a framework designed to provide fundamental security principles for guiding cloud service providers and to assist prospective customers in assessing relevant risks. The CCM is the world’s only framework of cloud-specific security controls mapped to leading standards, best practices and regulatory requirements such as COBIT, PCI-DSS and ISO 27001.
Intility was the first Norwegian corporate member of the Cloud Security Alliance, and we have documented our response to all 16 control domains (comprising of 300 control activities) in the CCM.
ISAE 3402 Type II Attestation Report
Increasingly, organisations and enterprises outsource IT services to support and further develop their own core business. In response, the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC), has issued the International Standard on Assurance Engagements (ISAE) No. 3402 for assurance reporting on controls at a service organisation. This internationally recognised audit standard provides assurance from an independent auditor regarding information security controls maintained by the service provider (i.e. Intility).
The report is a key delivery to Intility’s customers and their auditors to provide audit assurance for the following domains:
- Governance and risk management
- Independent audit assurance
- Security monitoring and incident response
- Vulnerability management
- Identity and access management
- Identity and access management (Microsoft Cloud Services)
- Endpoint security (Windows and MacOS)
- Endpoint Security iOS and Android)
- Business continuity and operational resilience
- Data center security (access management)
- Data center security (HVAC and power management)
- Change Control and configuration management
The ISAE 3402 type II report describes whether Intility’s information security controls has been appropriately designed and operationally effective throughout an audit period of 12 months. The audit report provides assurance for regulatory requirements such as financial statuatory audits (including Sarbanes Oxley), GDPR and other regulations where information security assurance is required.
Intility’s Compliance Document Center contains detailed descriptions of our security measures and controls. Here you can find governing policies, audit reports, certifications, data center security descriptions, security incident monitoring and response descriptions, a Q&A and more.
Customers can freely use this material to document internal assurance requirements, perform risk assessment and perform other internal control related initiatives.
Please contact firstname.lastname@example.org if you need access to documentation that is not available in the Compliance Document Center or have other enquiries.