Intility Trust Center
This Trust Center provides insight, transparency and information regarding our technical and organizational security initiatives and controls. Our customers can use it to support their own compliance requirements.
Intility’s audit reports and other relevant documentation can be downloaded here: Compliance Document Center
Please do not hesitate to contact email@example.com if you have further questions or need more information.
Privacy and Data Protection
To safeguard the privacy of our customers, we continuously apply improvements to our information security management system. This is ensured through risk assessments of our systems and infrastructure, evaluation of existing controls, documentation of data processing activities, audits of third-party providers and aquisition of new security technologies.
All assurance documentation is made available to customers in the form of two comprehensive attestation reports: ISAE 3402 Type II and ISAE 3000 Type II.
Independent Security and Penetration Testing
Security and penetration testing is an integrated part of Intility’s platform service. Independent third parties perform continuous security assessments and penetration tests. These tests are conducted by reputable cyber security firms, and supplements Intility’s own security monitoring and response capabilities.
Customers of Intility can also conduct tailored security assessments/penetrations tests specific to their own environments upon request.
To ensure service availability, Intility’s platform infrastructure is redundantly designed. Failover testing to ensure that the redundancy work as intended are performed regularly. In addition, response activities for different disaster scenarios are tested in simulated production environments on regular intervals.
Critical physical infrastructure such as power, cooling and firefighting mechanisms are maintained, tested and audited in accordance with contractual agreements. These control activities are also audited as part of the annual ISAE 3402 Type II attestation report available to all customers.
Cloud Security Alliance - CSA
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising best practices to help ensure a secure cloud computing environment. Intility was the first Norwegian corporate member of this alliance, which harnesses the subject matter expertise of industry practitioners, associations, governments, and businesses. Other corporate members of the Alliance include Microsoft, Google, Hewlett Packard, Cisco, IBM and Amazon Web Services as well as audit and security organizations such as ISACA, (ISC)², PwC, Deloitte, KPMG and Ernst & Young.
The Alliance has developed Cloud Controls Matrix (CCM), which is a framework designed to provide fundamental security principles for guiding cloud service providers and to assist prospective customers in assessing relevant risks. The CCM is the world’s only framework of cloud-specific security controls mapped to leading standards, best practices and regulatory requirements such as COBIT, PCI-DSS and ISO 27001.
Intility was the first Norwegian corporate member of the Cloud Security Alliance, and we have documented our response to all 16 control domains (comprising of 300 control activities) in the CCM. These are available upon request.
ISAE 3402 Type II Audit Report
ISAE 3402 Type II is an internationally recognized auditing standard that governs how an independent auditor should audit a service provider’s internal controls to determine whether they are appropriate and work over time (a full year). Intility’s ISAE 3402 type II report describes how information security is ensured on the Intility platform. In the report, PwC gives an independent statement on whether our information security controls are appropriate and have served one purpose for an entire year. Any deviations and weaknesses that are identified are described in detail. The report provides direct audit support to our customers and their auditors, including in connection with accounting audits, GDPR, ICT regulations, internal audits and other types of audits where there is a need for assurance that information security is safeguarded in a reassuring manner. In the report, PwC Intility’s audits related to:
- Governance and risk management
- Independent audit assurance
- Security monitoring and incident response
- Vulnerability management
- Identity and access management
- Identity and access management (Microsoft Cloud Services)
- Endpoint security (Windows and MacOS)
- Endpoint Security iOS and Android)
- Business continuity and operational resilience
- Data center security (access management)
- Data center security (HVAC and power management)
- Change Control and configuration management
Compliance Document Center
Intility’s Compliance Document Center contains detailed descriptions of our security measures and controls. Here you can find governing policies, audit reports, certifications, data center security descriptions, security incident monitoring and response descriptions, a Q&A and more.
Customers can freely use this material to document internal assurance requirements, perform risk assessment and perform other internal control related initiatives.
Please contact firstname.lastname@example.org if you need access to documentation that is not available in the Compliance Document Center or have other enquiries.