Security

Infrastructure security

Service infrastructure maintained

Iteration X has infrastructure supporting the service patched as a part of routine maintenance and as a result of identified vulnerabilities to help ensure that servers supporting the service are hardened against security threats.

Intrusion detection system utilized

Iteration X uses an intrusion detection system to provide continuous monitoring of Iteration X's network and early detection of potential security breaches.

Production database access restricted

Iteration X restricts privileged access to databases to authorized users with a business need.

Remote access MFA enforced

Iteration X's production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.

Production network access restricted

Iteration X restricts privileged access to the production network to authorized users with a business need.

Unique production database authentication enforced

Iteration X requires authentication to production data stores to use authorized secure authentication mechanisms, such as unique SSH key.

Remote access encrypted enforced

Iteration X's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.

Encryption key access restricted

Iteration X restricts privileged access to encryption keys to authorized users with a business need.

Production data segmented

Iteration X prohibits confidential or sensitive customer data, by policy, from being used or stored in non-production systems/environments.

Infrastructure performance monitored

An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.

Production application access restricted

Iteration X restricts privileged access to the application to authorized users with a business need.

Access control procedures established

Iteration X's access control policy documents the requirements for the following access control functions: adding new users, modifying users, and/or removing an existing user's access.

Log management utilized

Iteration X utilizes a log management tool to identify events that may have a potential impact on Iteration X's ability to achieve its security objectives.

Network segmentation implemented

Iteration X's network is segmented to prevent unauthorized access to customer data.

Unique network system authentication enforced

Iteration X requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.

Firewall access restricted

Iteration X restricts privileged access to the firewall to authorized users with a business need.

Organizational security

Portable media encrypted

Iteration X encrypts portable and removable media devices when used.

Anti-malware technology utilized

Iteration X deploys anti-malware technology to environments commonly susceptible to malicious attacks and configures this to be updated routinely, logged, and installed on all relevant systems.

Employee background checks performed

Iteration X performs background checks on new employees.

MDM system utilized

Iteration X has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Password policy enforced

Iteration X requires passwords for in-scope system components to be configured according to Iteration X's policy.

Security awareness training implemented

Iteration X requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.

Confidentiality Agreement acknowledged by contractors

Iteration X requires contractors to sign a confidentiality agreement at the time of engagement.

Production inventory maintained

Iteration X maintains a formal inventory of production system assets.

Confidentiality Agreement acknowledged by employees

Iteration X requires employees to sign a confidentiality agreement during onboarding.

Asset disposal procedures utilized

Iteration X has electronic media containing confidential information purged or destroyed in accordance with best practices, and certificates of destruction are issued for each device destroyed.

Product security

Penetration testing performed

Iteration X's penetration testing is performed at least annually. A remediation plan is developed and changes are implemented to remediate vulnerabilities in accordance with SLAs.

Data encryption utilized

Iteration X's datastores housing sensitive customer data are encrypted at rest.

Data transmission encrypted

Iteration X uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.

System activity logged

Iteration X captures system activity, including user activity, in transaction logs.

Vulnerability and system monitoring procedures established

Iteration X's formal policies outline the requirements for the following functions related to IT / Engineering: vulnerability management, system monitoring.

Internal security procedures

Vulnerabilities scanned and remediated

Host-based vulnerability scans are performed at least quarterly on all external-facing systems. Critical and high vulnerabilities are tracked to remediation.

Access reviews conducted

Iteration X conducts access reviews at least quarterly for the in-scope system components to help ensure that access is restricted appropriately. Required changes are tracked to completion.

Access requests required

Iteration X ensures that user access to in-scope system components is based on job role and function or requires a documented access request form and manager approval prior to access being provisioned.

Production deployment access restricted

Iteration X restricts access to migrate changes to production to authorized personnel.

Vendor management program established

Iteration X has a vendor management program in place. Components of this program include: critical third-party vendor inventory, vendor's security and privacy requirements, and review of critical third-party vendors at least annually.

Incident response policies established

Iteration X has security and privacy incident response policies and procedures that are documented and communicated to authorized users.

Change management procedures enforced

Iteration X requires changes to software and infrastructure components of the service to be authorized, formally documented, tested, reviewed, and approved prior to being implemented in the production environment.

Configuration management system established

Iteration X has a configuration management procedure in place to ensure that system configurations are deployed consistently throughout the environment.

Management roles and responsibilities defined

Iteration X management has established defined roles and responsibilities to oversee the design and implementation of information security controls.

Security policies established and reviewed

Iteration X's information security policies and procedures are documented and reviewed at least annually.

Roles and responsibilities specified

Roles and responsibilities for the design, development, implementation, operation, maintenance, and monitoring of information security controls are formally assigned in job descriptions and/or the Roles and Responsibilities policy.

Data center access reviewed

Iteration X reviews access to the data centers at least annually.

Physical access processes established

Iteration X has processes in place for granting, changing, and terminating physical access to company data centers based on an authorization from control owners.

Third-party agreements established

Iteration X has written agreements in place with vendors and related third-parties. These agreements include confidentiality and privacy commitments applicable to that entity.

Incident management procedures followed

Iteration X's security and privacy incidents are logged, tracked, resolved, and communicated to affected or relevant parties by management according to Iteration X's security incident response policy and procedures.

Development lifecycle established

Iteration X has a formal systems development life cycle (SDLC) methodology in place that governs the development, acquisition, implementation, changes (including emergency changes), and maintenance of information systems and related technology requirements.

Cybersecurity insurance maintained

Iteration X maintains cybersecurity insurance to mitigate the financial impact of business disruptions.

Continuity and Disaster Recovery plans established

Iteration X has Business Continuity and Disaster Recovery Plans in place that outline communication plans in order to maintain information security continuity in the event of the unavailability of key personnel.

Data and privacy

Privacy policy established

Iteration X has a privacy policy is in place that documents and clearly communicates to individuals the extent of personal information collected, Iteration X's obligations, the individual's rights to access, update, or erase their personal information, and an up-to-date point of contact where individuals can direct their questions, requests or concerns.

Data retention procedures established

Iteration X has formal retention and disposal procedures in place to guide the secure retention and disposal of company and customer data.

Privacy compliant procedures established

Iteration X has documented processes and procedures in place to ensure that any privacy-related complaints are addressed, and the resolution is documented in Iteration X's designated tracking system and communicated to the individual.

Customer data retained

Iteration X retains customer transaction data for the life of a customer account. No historic transaction data is purged until the customer account is deleted.

Privacy policy available

Iteration X has a privacy policy available to customers, employees, and/or relevant third parties who need them before and/or at the time information is collected from the individual.

Privacy policy reviewed

Iteration X reviews the privacy policy as needed or when changes occur and updates it accordingly to ensure it is consistent with the applicable laws, regulations, and appropriate standards.

Privacy policy maintained

Iteration X has established a privacy policy that uses plain and simple language, is clearly dated, and provides information related to Iteration X's practices and purposes for collecting, processing, handling, and disclosing personal information.

Data classification policy established

Iteration X has a data classification policy in place to help ensure that confidential data is properly secured and restricted to authorized personnel.

Iteration X
AI-native project management
Iso 27001 CertificateIso 27701 CertificateAICPA SOC Certificate
Discover
Follow us
Join our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
© 2024 Iteration X.
Privacy policyCookie policyTerms of serviceSystem statusSecurityHelpContact us
You have the control over your data. When visiting Iteration X’s website, no identifying information is stored or retrieved on your browser.
Read more
For more information, check our cookies policy. However, to improve your experience and the operation of the website, we do use strictly necessary cookies. They cannot be switched off in our systems, as they are set in response to actions made on the website and amount to a request for service. It is important to mention they do not  store any personally identifiable information. In compliance with data protection laws, cookies whose purpose is strictly limited to measuring the audience of the site or the application for the editor exclusively do not require the user's consent. Because we care about transparency, we are willingly taking the initiative to inform you of the use of such cookies and remind you that you may set your browser to block or alert you about these cookies. Take into account this may impact your use of the website and some parts of it may not work.
View less
DenyAccept all