Privacy and data protection.
InTime builds security into everything we do so our customers can focus on what they do best – keeping the public safe.
InTime maintains compliance with the globally-recognized SOC2 Type 2 framework for security, confidentiality, availability, processing integrity and privacy trust services criteria.
Powered by AWS.
All InTime customer data is hosted by Amazon Web Services (AWS) in secure data centers designed to host sensitive data, regulate workloads, and address the most stringent government security and compliance requirements.
Best-practice disaster recovery.
InTime secures customer data in AWS-hosted geographically dispersed data centers with disaster-recovery systems in place. This guarantees both data integrity and data availability in the event of any data center-wide, and/or region-wide outages. Should such an event occur, failover to data recovery systems minimizes any interruption in service.
Keep your data private.
InTime is committed to keeping your data secure, available and confidential by deploying the latest security and privacy controls.
InTime is built with TLS 1.2 encryption to secure data in-transit, and robust AES 256 encryption to secure data at-rest. Both of these standards exceed Federal Information Processing Standards (FIPS 140-2), deemed as rigorous best-practice standards.
InTime employs a third-party Security Operations Center to monitor our infrastructure for threats and abnormalities 24/7, 365 days per year.
Yes, our production environment is maintained and backed up in AWS data centers with multi-availability zone failover.
InTime’s production network and system components are managed in AWS data centers designed to anticipate and tolerate failure while maintaining service levels. Third-party testing of AWS data centers ensures AWS has appropriately implemented security measures aligned with established rules needed to obtain security certifications that support controls around security, redundancy, and all critical support elements.
InTime has implemented an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customer’s data and infrastructure supporting our services. Security mechanisms include:
- Quarterly network and system vulnerability scans and corresponding security patching program
- Annual third party penetration tests
- At-rest and in-transit encryption
- Perimeter firewalls and intrusion detection systems
- Security logging implemented at every level of infrastructure
- Centralized logging and monitoring application that alerts employees when security events are detected
- Enforced two factor authentication process for any employee accessing production infrastructure
- Annual third party SOC2 assessment
Yes, InTime has been successfully assessed by a validated third party against the SOC 2 Type 1 & Type 2 framework for security, availability, confidentiality, processing integrity and privacy trust services criteria. Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.
Yes. All InTime customer data is encrypted in transit and at rest. We ensure a minimum AES-256bit level encryption (FIPS140-2 certified) and at no time is any customer data left in an unencrypted state, including data that has been backed-up.
InTime deploys industry-leading technology including IDS, IPS, Log Monitoring, and WAF, and partners with security experts to ensure the highest level of security. We also monitor and apply necessary patches and updates to ensure our environments are secure from any exploits or attacks, following a strict patch management life cycle which includes assessment and testing prior to applying patches. In addition to monitoring, blocking, and patching, we also perform regular third-party audits and tests of all layers of our application.
Production systems for InTime are housed at AWS ISO 27001 and SOC 2 assessed data centers. They are monitored 24 hours a day by security personnel and include a full suite of physical and environmental controls.
Yes. InTime maintains its data in geographically dispersed data centers with multi-region disaster-recovery systems in place. This guarantees both data integrity and data availability in the event of any data center-wide, and/or region-wide outage. Should such an event occur, failover to data recovery systems minimizes any interruption in service.