Security

img
img

Our Client's Trust is Our Top Priority

Thank you for using iFOLIO services.


iFOLIO® helps companies grow with a digital marketing platform for the mobile world. We make work easier for sales, marketing, and service teams with world-class technology and built-in support.


We deliver our technical solutions to active users in 50 US states and over 100 countries through the cloud and software as a service model, self-service, and built-in support.


In addition, we provide additional white glove support for enterprise licenses and provide product videos and FAQs through the user’s dashboard.


If additional support is needed or if you wish to report an issue, please use the following contact information:


Email: security@ifoliocloud.com

Phone: (470) 223-4818

 

img

Secure Sharing

No one is authorized to share your iFOLIO profile without your permission.

We allow the ability to share through your iFOLIO link which has the option

of password protection.

img

Vendor Risk Management

We undergo annual risk assessments to identify potential threats, including considerations for fraud.

Prior to authorizing a new vendor, they are reviewed and risk assessed.

img

Test Driven Development

Using the test-driven development approach and automated functional testing, we ensure the robustness of the system during the product development cycle.

We are SOC-2 Compliant

img

Organizational Security

Informational Security Program

We have an Information Security Program in place that is communicated throughout the organization. Our program follows the criteria set forth by the SOC-2 Framework. SOC-2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.


Roles and Responsibilities

The roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. All team members are required to review and accept all of the security policies.


Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.


Confidentiality

All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.


Background Checks

We perform background checks on all new team members in accordance with local laws.

img
img

Cloud Security

Cloud Infrastructure Security

All of our services are hosted with Amazon Web Services (AWS). They both employ a robust security program with multiple certifications. For more information on our provider's security processes, please visit AWS Security.


Data Hosting Security

All of our data is hosted on Amazon Web Services (AWS) databases. These databases are all located in the United States unless otherwise requested. please reference the link to our vendor for more information.


Encryption

All databases are encrypted at rest. In addition, our applications encrypt in transit with TLS/SSL only.


Vulnerability Scanning

We regularly perform vulnerability scanning and are actively monitoring for threats.


Business Continuity and Disaster Recovery

We use Amazon’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.


Incident Response

We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.

Access Security

Permissions and Authentication

Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to clause services are protected.


Least Privilege Access Control

We follow the principle of least privilege with respect to identity and access management.


Quarterly Access Reviews

We perform Quarterly Access reviews of all team members with access to sensitive systems.


Password Requirements

All team members are required to adhere to a minimum set of password requirements and complexity for access.


Password Managers

All company issues laptops utilize a password manager for team members to manage passwords and maintain password complexity.

img

Using Our Platform

img

Organization License


If your account is associated with an organization's license, meaning they provided you access to the services, that organization may have access to view your profile. Although licensees have access to view this information, you do not have access or permission to share it. You must get permission from the user to use or share their information.

img

ADA Compliance

iFOLIOs are compliant with ADA regulations (Americans with Disabilities Act Standards for Accessible Design). iFOLIO offers users text-to-speech and closed captioning alternatives. Images in iFOLIOs should have alternative text (alt text) descriptions, which describe the image using text so that individuals who use screen readers are able to access the content.

img

iFOLIO Ensures Responsible Account Management

Audit Logs that record user's events and track changes during sessions. Role-Based Access Control (RBAC) that can assign permissions to authorized users and restrict control for unauthorized users to edit templates or view information. Single Sign-On (SSO) allowing the user to log in once and access services without re-entering authentication factors. Single Log-Out (SLO) so that a single action of signing out terminates access to all active user sessions to secure the account.

img

iFOLIO Uses HTTPS & TLS to Encrypt Our Data

Security is achieved by data transfer encryption, multilevel access control, users actions audit, automated logs monitoring with multiple triggers alerting iFOLIO support about any suspicious events

img

iFOLIO Uses HTTPS & TLS to Encrypt Our Data

iFOLIO's tech team uses AWS in order to give our users the experience on the cloud.


Check out their Data Privacy FAQ for more info.

img

Amazon Relational Database Services

Amazon RDS makes it easy to set up, operate, and scale in the cloud. It provides cost-efficient and resizable capacity while automating administration tasks such as hardware provisioning, database setup, patching and backups.


This allows us to focus on building our solution while giving you fast performance, high availability, security and compatibility.

img

AWS Lambda

AWS Lambda is a serverless compute service that lets us run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes.


With Lambda, We can run code for virtually any type of application!

img

System Monitoring

iFOLIO uses a combination of AWS CloudWatch and Zabbix to monitor and optimize our information systems.

img

Encryption of Sensitive Data

AES Crypt is a file encryption software that follows the industry-wide Advanced Encryption Standard to easily and securely encrypt files.

img

Building, Deploying, & Automating New Features

Jenkins is an open source automation server that allows our developers to reliably build, test, and deploy software.

iFOLIO + Amazon Web Services

iFOLIO takes Twilio's programmable text message and adds images, clickable links, and signatures to campaigns that can be mass delivered from a 10-digit phone number. Our partnership with Twilio's API and intelligence software ensures trusted communications across mobile channels.

img

Non-iFOLIO Applications, Integrations and Your Data

You grant Us permission to allow the Non-iFolio Application and its provider to access your Data as required for the interoperation of that Non-iFolio Application with the Service.


We are not responsible for any disclosure, modification or deletion of Your Data resulting from access by such Non-iFolio Application or its provider.


Click here to view iFOLIO's Terms & Conditions




img
powered by ifolio