SECURITY
Our Client's Trust is Our Top Priority
Thank you for using iFOLIO services.
iFOLIO® helps companies grow with a digital marketing platform for the mobile world. We make work easier for sales, marketing, and service teams with world-class technology and built-in support.
We deliver our technical solutions to active users in 50 US states and over 100 countries through the cloud and software as a service model, self-service, and built-in support.
In addition, we provide additional white glove support for enterprise licenses and provide product videos and FAQs through the user’s dashboard.
If additional support is needed or if you wish to report an issue, please use the following contact information:
Email: security@ifoliocloud.com
Phone: (470) 223-4818
Secure Sharing
No one is authorized to share your iFOLIO profile without your permission.
We allow the ability to share through your iFOLIO link which has the option
of password protection.
Vendor Risk Management
We undergo annual risk assessments to identify potential threats, including considerations for fraud.
Prior to authorizing a new vendor, they are reviewed and risk assessed.
Test Driven Development
Using the test-driven development approach and automated functional testing, we ensure the robustness of the system during the product development cycle.
We are SOC-2 Compliant
Organizational Security
Informational Security Program
We have an Information Security Program in place that is communicated throughout the organization. Our program follows the criteria set forth by the SOC-2 Framework. SOC-2 is a widely known information security auditing procedure created by the American Institute of Certified Public Accountants.
Roles and Responsibilities
The roles and responsibilities related to our Information Security Program and the protection of our customer’s data are well defined and documented. All team members are required to review and accept all of the security policies.
Security Awareness Training
Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.
Confidentiality
All team members are required to sign and adhere to an industry standard confidentiality agreement prior to their first day of work.
Background Checks
We perform background checks on all new team members in accordance with local laws.
Cloud Security
Cloud Infrastructure Security
All of our services are hosted with Amazon Web Services (AWS). They both employ a robust security program with multiple certifications. For more information on our provider's security processes, please visit AWS Security.
Data Hosting Security
All of our data is hosted on Amazon Web Services (AWS) databases. These databases are all located in the United States unless otherwise requested. Please reference the link to our vendor for more information.
Encryption
All databases are encrypted at rest. In addition, our applications encrypt in transit with TLS/SSL only.
Vulnerability Scanning
We regularly perform vulnerability scanning and are actively monitoring for threats.
Business Continuity and Disaster Recovery
We use Amazon’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
Incident Response
We have a process for handling information security events which includes escalation procedures, rapid mitigation and communication.
Access Security
Permissions and Authentication
Access to cloud infrastructure and other sensitive tools are limited to authorized employees who require it for their role.Where available we have Single Sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure access to clause services are protected.
Least Privilege Access Control
We follow the principle of least privilege with respect to identity and access management.
Quarterly Access Reviews
We perform Quarterly Access reviews of all team members with access to sensitive systems.
Password Requirements
All team members are required to adhere to a minimum set of password requirements and complexity for access.
Password Managers
All company issued laptops utilize a password manager for team members to manage passwords and maintain password complexity.
Using Our Platform
Organization License
If your account is associated with an organization's license, meaning they provided you access to the services, that organization may have access to view your profile. Although licensees have access to view this information, you do not have access or permission to share it. You must get permission from the user to use or share their information.
ADA Compliance
iFOLIOs are compliant with ADA regulations (Americans with Disabilities Act Standards for Accessible Design). iFOLIO offers users text-to-speech and closed captioning alternatives. Images in iFOLIOs should have alternative text (alt text) descriptions, which describe the image using text so that individuals who use screen readers are able to access the content.
iFOLIO Ensures Responsible Account Management
Audit Logs that record user's events and track changes during sessions. Role-Based Access Control (RBAC) that can assign permissions to authorized users and restrict control for unauthorized users to edit templates or view information. Single Sign-On (SSO) allowing the user to log in once and access services without re-entering authentication factors. Single Log-Out (SLO) so that a single action of signing out terminates access to all active user sessions to secure the account.
iFOLIO Uses HTTPS & TLS to Encrypt Our Data
Security is achieved by data transfer encryption, multilevel access control, users actions audit, automated logs monitoring with multiple triggers alerting iFOLIO support about any suspicious events
iFOLIO Uses HTTPS & TLS to Encrypt Our Data
iFOLIO's tech team uses AWS in order to give our users the experience on the cloud.
Check out their Data Privacy FAQ for more info.
Amazon Relational Database Services
Amazon RDS makes it easy to set up, operate, and scale in the cloud. It provides cost-efficient and resizable capacity while automating administration tasks such as hardware provisioning, database setup, patching and backups.
This allows us to focus on building our solution while giving you fast performance, high availability, security and compatibility.
AWS Lambda
AWS Lambda is a serverless compute service that lets us run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes.
With Lambda, We can run code for virtually any type of application!
System Monitoring
iFOLIO uses a combination of AWS CloudWatch and Zabbix to monitor and optimize our information systems.
Encryption of Sensitive Data
AES Crypt is a file encryption software that follows the industry-wide Advanced Encryption Standard to easily and securely encrypt files.
Building, Deploying, & Automating New Features
Jenkins is an open source automation server that allows our developers to reliably build, test, and deploy software.
iFOLIO + Amazon Web Services
iFOLIO takes Twilio's programmable text message and adds images, clickable links, and signatures to campaigns that can be mass delivered from a 10-digit phone number. Our partnership with Twilio's API and intelligence software ensures trusted communications across mobile channels.
Non-iFOLIO Applications, Integrations and Your Data
You grant Us permission to allow the Non-iFolio Application and its provider to access your Data as required for the interoperation of that Non-iFolio Application with the Service.
We are not responsible for any disclosure, modification or deletion of Your Data resulting from access by such Non-iFolio Application or its provider.
950 East Paces Ferry Rd NE, Suite 1500, Atlanta, Georgia 30326
Phone: 470 - 223 - 4818, | Email: info@ifoliocloud.com