Intility Trust Center
A portal for information security and compliance
Information security and compliance are key factors for trust and competitiveness in today's complex and technology oriented business environment. As a result, we continuously work on improving our information security measures, processes and controls to ensure that your data is protected by the highest security standards.
This Trust Center provides insight, transparency and information regarding our technical and organisational security initiatives and controls. Our customers can use it to support their own compliance requirements. The documentation provided can also be used as valuable input for risk assessments and other customer specific documentation needs.
Relevant material and documentation can be downloaded in our Compliance Document Center. Please do not hesitate to contact email@example.com if you have further questions or need more information.
Privacy and Data Protection
To safeguard the privacy of our customers, We continuously apply improvements to our information security management system. This is performed through risk assessments of our systems and infrastructure, evaluation of existing controls, documentation of data processing activities and audits of third-party providers.
All assurance documentation is comprised and made available to customers in the form of a comprehensive ISAE 3402 Type II attestation report.
Independent Security and Penetration Testing
Security and penetration testing is an integrated part of Intility’s platform service. Independent third parties perform continuous (monthly) security assessments and penetration tests. These tests are conducted by reputable cyber security firms, and supplements Intility’s own security monitoring and response capabilities.
Customers of Intility can also conduct tailored security assessments/penetrations tests specific to their own environments upon request.
To ensure service availability, Intility’s platform infrastructure is redundantly designed in all layers. Failover testing to ensure that the redundancy work as intended are performed regularly. In addition, response activities for different disaster scenarios are tested in simulated production environments on regular intervals.
Critical physical infrastructure such as power, cooling and firefighting mechanisms are maintained, tested and audited in accordance with contractual agreements. These control activities are audited as part of an annual ISAE 3402 Type II attestation report available to all customers.
A Complete Security Platform
Intility utilise several security technologies to protect the customer data residing on the Intility platform. This includes an extensive next-generation firewall service, URL filtering, Intrusion Protections Systems, DDoS-protection, enterprise backup & recovery and advanced security monitoring tools. Our data centers are ISO 27001, ISO 14001 and ISO 9001 certified.
Acting as an additional security layer, Mnemonic Argus Managed Defence is an integrated part of Intility’s cyber defence mechanisms. Argus Managed Defence is a security monitoring and response service delivered by Mnemonic, designed to identify and respond to advanced cyber security threats. This is accomplished through 24/7-data traffic monitoring in real-time.
Argus Managed Defence is included as a service for all customers.
Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organisation dedicated to defining and raising best practices to help ensure a secure cloud computing environment. Intility was the first Norwegian corporate member of this alliance, which harnesses the subject matter expertise of industry practitioners, associations, governments, and businesses. Other corporate members of the Alliance include Microsoft, Google, Hewlett Packard, Cisco, IBM and Amazon Web Services as well as audit and security organisations such as ISACA, (ISC)², PwC, Deloitte, KPMG and Ernst & Young.
The Alliance has developed Cloud Controls Matrix (CCM), which is a framework designed to provide fundamental security principles for guiding cloud service providers and to assist prospective customers in assessing relevant risks. The CCM is the world’s only framework of cloud-specific security controls mapped to leading standards, best practices and regulatory requirements such as COBIT, PCI-DSS and ISO 27001.
Intility was the first Norwegian corporate member of the Cloud Security Alliance, and we have thoroughly documented our response to all 16 control domains (comprising of 300 control activities) of the CCM.
ISAE 3402 Type II Attestation Report
Increasingly, organisations and enterprises outsource IT services to support and further develop their own core business. In response, the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC), has issued the International Standard on Assurance Engagements (ISAE) No. 3402 for assurance reporting on controls at a service organisation. This internationally recognised audit standard provides assurance from an independent auditor regarding information security controls maintained by the service provider (i.e. Intility).
As such, the report is a key delivery to Intility’s customers and their auditors to provide audit assurance for the following domains:
- Information Security Governance
- Risk Management
- Cyber Security and Vulnerability Management
- Security Incident Monitoring and Response
- Access Management
- Device Security
- Data Center Security
- Backup and Disaster Recovery
- Change Management
The ISAE 3402 type II report describes whether Intility’s information security controls has been appropriately designed and operationally effective throughout an audit period of 12 months. The audit report applies to different regulatory requirements such as financial statuatory audits (including Sarbanes Oxley), GDPR and other regulations where information security assurance is required.
Intility’s Compliance Document Center contains detailed descriptions of our security measures and controls. Here you can find governing policies, audit reports, certifications, data center security descriptions, security incident monitoring and response descriptions, a Q&A and more.
Customers can freely use this material to document internal assurance requirements, perform risk assessment and perform other internal control related initiatives.
Please contact firstname.lastname@example.org if you need access to documentation that is not available in the Compliance Document Center or have other enquiries.