Yes, our production environment is maintained and backed up in AWS data centers with multi-availability zone failover.

InTime’s production network and system components are managed in AWS data centers designed to anticipate and tolerate failure while maintaining service levels. Third-party testing of AWS data centers ensures AWS has appropriately implemented security measures aligned with established rules needed to obtain security certifications that support controls around security, redundancy, and all critical support elements.

InTime has implemented an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customer’s data and infrastructure supporting our services. Security mechanisms include:

• Quarterly network and system vulnerability scans and corresponding security patching program
• Annual third party penetration tests
• At-rest and in-transit encryption
• Perimeter firewalls and intrusion detection systems
• Security logging implemented at every level of infrastructure
• Centralized logging and monitoring application that alerts employees when security events are detected
• Enforced two factor authentication process for any employee accessing production infrastructure
• Annual third party SOC2 assessment

Yes, InTime has been successfully assessed by a validated third party against the SOC 2 Type 1 & Type 2 framework for security, availability, confidentiality, processing integrity and privacy trust services criteria. Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.

Yes. All InTime customer data is encrypted in transit and at rest. We ensure a minimum AES-256bit level encryption (FIPS140-2 certified) and at no time is any customer data left in an unencrypted state, including data that has been backed-up.

InTime deploys industry-leading technology including IDS, IPS, Log Monitoring, and WAF, and partners with security experts to ensure the highest level of security. We also monitor and apply necessary patches and updates to ensure our environments are secure from any exploits or attacks, following a strict patch management life cycle which includes assessment and testing prior to applying patches. In addition to monitoring, blocking, and patching, we also perform regular third-party audits and tests of all layers of our application.

Production systems for InTime are housed at AWS ISO 27001 and SOC 2 assessed data centers. They are monitored 24 hours a day by security personnel and include a full suite of physical and environmental controls.

Yes. InTime maintains its data in geographically dispersed data centers with multi-region disaster-recovery systems in place. This guarantees both data integrity and data availability in the event of any data center-wide, and/or region-wide outage. Should such an event occur, failover to data recovery systems minimizes any interruption in service.