Security and Reliability    

Platform Infrastructure

 

Our core commitment is to the security and integrity of your data and therefore we chose Amazon Web Services, the world’s leading cloud service platform, to host our infrastructure.


AWS Standards
By using AWS to power the IE Solutions platform, we absorb the highest global standards of AWS architecture, server operations, and compliance regulations to host your data. When you run your business through IE Solutions, you can do so confidently knowing that your data is secured by AWS best practices and the industry’s most advanced cloud security controls.

Physical Security

 

IE Solutions platforms/data are  hosted in AWS data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC II compliance.

AWS data centers are secured by global AWS Security Operation Centers and advanced physical security measures which you can read more about here.

Network Security

 

Our network security architecture consists of multiple security zones. We monitor and protect our network, to make sure no unauthorized access is performed using Screen:

  • to monitor and protect our infrastructure from automated scanners, bots, and targeted attacks. The service blocks attacks and alerts in case of critical threats. It also brings additional features like IP blocking and firewalls that monitor and control incoming and outgoing network traffic.

  • to monitor our applications and get visibility into our application security, identify attacks, and respond quickly to a data breach. Security events are logged and notifications are sent in case of critical attacks to allow for fast remediation. Sqreen uses technologies to monitor exceptions and detect anomalies in our applications. We collect and store logs to provide an audit trail of our applications activity.

  • to integrate security in our applications and protect our users from data breaches. It integrates protections against the most critical attack categories like SQL injections, cross-site scripting, and adds security headers to our application. It blocks attacks in real-time and warns us when attackers start stressing our applications. Sqreen uses a runtime protection system that identifies and blocks OWASP top-10 and business-logic attacks in real-time.

Availability and Continuity

System Status Monitoring

IE Solutions uses AWS architecture features such as auto-scaling and elastic load balancing to automate our scalability and ensure that apps are always optimized for speed, high availability, and redundancy.

Redundancy
IE Solutions stores data on multiple databases to eliminate single points of failure and increase availability. Data are stored in multiple locations to distribute availability across multiple geographic locations and time zones.  We also employ daily backups of active apps for for 60 days further redundancy and store backups across multiple locations separate from the database servers.

Backup and Restore
All active IE Solutions apps are backed up on a daily basis (60 days), encrypted with AES-256 encryption keys, and stored across multiple locations that are separate from the database servers.

Clients are free to manually backup their data at any time by exporting their data to a CSV file.

Disaster Recovery
IE Solutions enforces strict Disaster Recovery policies including daily encrypted backups, (60 days) daily testing procedures, and strategic disaster recovery planning and training to ensure that data is available and restorable in case of disaster.

Encryption


Encryption in Transit
All data sent to or from our infrastructure are encrypted in transit via industry best-practices using Transport Layer Security (TLS).

Encryption at Rest
All our user data (including passwords) are encrypted using battled-proofed encryption algorithms in the database.

Government-Grade Encryption
We use SHA-256 and AES-256 encryption, the strongest encryptions available used by governments, banks, and federal-level agencies around the world.

Product Security Features

IP Whitelisting
With this feature we can enable IP address whitelisting within your app settings to ensure that your apps are only accessible by networks you’ve authorized.

Granular Page Controls
Assign roles for each staff member and define the data access permissions each role has. Restrict access to pages and parts of pages of your app to specific users who you deem relevant and authorized to view those pages or sections.


We recommend following the least-privilege approach with which you enable necessary pages vs blocking restricted pages. To learn more about maximizing user roles and permissions please contact support@ie.solutions.

Password Protection
Define custom password policies for each staff member and for each application, ensuring that staff meet the password requirements you determine to be appropriate for specific apps and users.

Password Encryption
All user passwords are encrypted and hashed.

Data Encryption
All data is encrypted and secured with SSL.

Page time-out settings
IE Solutions can create custom time-out settings to ensure that devices left unattended for a specified amount of time require re-logging in for continued access.

Encryption


Privacy Policy
Data you store on our platform are owned by you; IE Solutions claims no ownership on your data.

Data Access
Employee Policies
As part of our SOC 2 readiness for compliance, we have implemented best practices for employee onboarding and offboarding according to SOC standards and we conduct background checks for all our employees.

Development Policies
IE Solutions engineers conduct development and testing on a development platform completely separate from any live data. Bugs, errors, development kinks, etc. are fully tested in our separate “development sandbox” via comprehensive testing procedures to ensure that live data is not affected by bugs, errors, security vulnerabilities, or imperfect development.

Compliance

AWS Compliance
Amazon is continuously audited by 3rd party compliance controls and holds compliance certifications from the strictest compliance programs including SOC 3 and ISO 27001.

SOC 2 Type II
IE Solutions platform is currently undergoing SOC 2 Type II readiness. Certification of SOC 2 compliance will certify our best practices for security, availability, and confidentiality by an independent 3rd party auditing program and the leading standard for cloud security control.

 

Please contact us at support@ie.solutions for more information on our SOC 2 readiness and future compliance.

 

HIPAA
Coming soon IE Solutions will offer HIPAA compliant editions of our platform which will include field level encryption, password policies, and BAA agreements. Please contact us for more details at support@ie.solutions.

GDPR
IE Solutions is currently undergoing GDPR readiness for GDPR compliance. The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Please contact us at support@ie.solutions for more information on our GDPR readiness and future compliance.


IE Solutions platform performs annual PenTesting on all production environments being utilized for storing and processing data.

How GDPR applies to IE.Solutions can be viewed here.

Privacy Policy
IE.Solutions maintains a Privacy Policy, which outlines our policies on how we keep your data private and secure.

 

Terms of Service
Our Terms outline our obligations and yours if you accept to use our platform as a client. Please read them and let us know if you have questions or concerns.

Trust in Scalable Software

CourseApproval offers an affordable course management solution that is supported by advanced frameworks, processes, automation, and expertise.


Set up your team for success and instill best practices across your entire office.