Privacy and Security
Customer trust, information security and data privacy are at the heart of everything we do at OneIQ.
OneIQ maintains ISO/IEC 27001 Information Security Management certification through the British Standards Institution (BSI), one of the leading certification bodies and original contributors to the ISO/IEC 27001 standard.
OneIQ conducts application and infrastructure testing annually through a leading security firm, which also works with clients in defense, financial services and public sectors.
Each year OneIQ undergoes ISO/IEC 27001 surveillance audits with BSI to ensure continuous improvements to our information security management system (ISMS).
To avoid increasing the attack surface on target systems, OneIQ does not deploy agents during data collection.
Passwords entered into the OneIQ Pulse data collector are encrypted using AES-256 and are never displayed in plaintext or transmitted externally.
OneIQ encrypts inventory and performance data at the point of collection, in transit and at rest.
The OneIQ Pulse data collector is digitally signed to prevent tampering with embedded scripts and software assemblies.
OneIQ performs web application and container image scanning to identify and mitigate security vulnerabilities.
OneIQ is hosted in the Canada Central (Toronto) region on Microsoft Azure, which provides extensive security capabilities. We use Azure Firewall and secure cloud storage with encryption-at-rest.
Inter-service communication and data transfers are performed over SSL.
OneIQ has a rigorous onboarding process for new suppliers and conducts annual reviews for existing suppliers to ensure that they have rigorous privacy and security policies in place.
OneIQ performs extensive logging to identify and mitigate security risks and vulnerabilities.
OneIQ has an Information Security Officer, who is responsible for compliance with the ISO/IEC 27001 standard, continuous improvement of our information security policies and procedures, and incident management.
OneIQ has rigorous information security incident management procedures for mitigating security incidents and communicating security events.
New staff must undergo criminal record and employment verification checks before joining OneIQ, and all contracts include a confidentiality agreement.
All staff must complete security training when they join OneIQ and refresher training at least once annually.
All OneIQ systems have rigorous access controls and require single sign-on (SSO) with two-factor authentication (2FA).
All endpoints used by staff have BitLocker encryption and security scanning software. Staff must use single sign-on and follow clear-screen policies.