Intuto prioritises data security and privacy. Although we prefer not to disclose extensive details about our security infrastructure and processes to avoid aiding potential threats, here is a high-level overview of how we protect our system and the data it contains.
Data Center
Intuto safeguards vital information and data essential to its customers' operations. To ensure minimal downtime and swift recovery even in catastrophic scenarios affecting entire data centers, Intuto has implemented multiple layers of redundancy in its physical infrastructure.
Our systems and data are stored across servers in Australia and New Zealand in both Microsoft Azure and Vocus data centres which are both ISO 27001 certified which means you can be confident that their data is in safe hands.
We have robust DDoS mitigation measures and real-time security threat monitoring and detection in place at all our data centres.
Intuto also maintains a comprehensive application continuity plan for extreme situations, including a "nuclear attack on a data centre" scenario.
View our privacy policy for more information.
Application and Database
The Intuto application and databases are housed in a secure VPC (Virtual Private Cloud) and are accessible only by authorized personnel through a VPN (Virtual Private Network).
The Intuto database is secured within the VPC, accessible only through approved access points, and is safeguarded by three layers of firewalls.
Intuto's development and maintenance practices adhere to industry best practices and standards in web application security, including but not limited to OWASP (owasp.org).
All data is backed up using a "Point-in-time recovery" backup system. Backups remain within Australia & New Zealand and the secure Intuto VPC.
All traffic to and from the Intuto system, as well as within the system itself, is encrypted.
All sensitive information stored in the Intuto system is encrypted or hashed at rest.
Processes and Protocols
Only a very limited number of authorised Intuto employees can access production systems.
Any access to production systems is conducted under stringent protocols and processes.
Third-party contractors or suppliers are not permitted to access production systems under any circumstances.
All Intuto developers and engineers are residents of New Zealand and access production systems only while located in New Zealand.
Intuto's security is continuously tested, benchmarked, and monitored against industry standards.
What you can do to protect your data
Cloud-based software that is properly secured and follows current best practices is very safe. It is almost impossible for someone with malicious intent to hack into a system through the application or an infrastructure or application vulnerability. Recently, the overwhelming majority of data breaches are carried out through the practice of "social hacking."
There are several steps your organisation can take to mitigate the risks of a data breach:
- Each employee should have their own login to the system. Cancel or suspend all employee logins if they are no longer employed or on leave.
- Employees should not share their passwords with others, including other employees.
- Employees should update their passwords regularly. (Intuto enforces periodic administrator password updates).
- Restrict the ability to download (extract or export) sensitive data only to those who need it. Ideally, only one employee should have the ability to export data from the system. Other employees needing extracted data must go through this person and provide a reason for obtaining the exported data.
- Exported data should only be saved to secured computers.
- Exported data should be deleted when it is no longer needed.
- Never send exported data as an email attachment. Always use secure file delivery services.
- Ensure a data privacy policy is received from any third-party service providers that you need to provide exported data to (such as an events coordinator, trainers, etc.).
- Do not open email attachments if you do not know or trust the source of the email.
- Do not install unauthorized software on any computers used to log into the Intuto system.
- Ensure antivirus software is installed and kept up to date on any computers used to log into the Intuto system.
