Infology is committed to maintaining the security of information hosted and processed by us and our information security policy and procedures are carefully designed to protect the security and confidentiality of all data residing within our software. The information security measures we put in place evolve regularly to keep pace with commercial best practice and our security policies and procedures may accordingly be revised or updated from time to time in order to preserve the security and integrity of data residing under our control.
Authorized Infology software users' access to client projects and documents is controlled by a secure login requiring a valid username and password and all passwords are encrypted.
Access to our software may be restricted to specific IP addresses or IP address ranges to limit the workstations from which our software may be accessed. In addition, to prevent automated scripts from running thousands of password combination guesses, in the event of three incorrect password guesses, we may require additional human-user security checks to be passed to login to our software.
All input fields within Infology software are validated; escaped and quoted to prevent SQL injections and all variables passed through the URL are thoroughly validated. No strings may be passed in the URL for user input only integers, allowing careful validation and prevention against SQL injections. Infology uses Server Gated Cryptography (SGC) SSL certificates ensuring appropriate encryption of all data passed across the Internet between a user and an Infology hosted software server.
Our software may be licensed for installation at client or reseller premises behind private firewalls (where required by clients) or at Infology's own data processing offices or at third party data centres used by Infology and where Infology software will only be hosted on Infology-dedicated high performance servers. Where we provide hosting services to our End-Users or on behalf of our resellers, the data centres we utilise will offer appropriate measures designed to ensure the security and accessibility of data. These measures will typically include but not be limited to the use security cameras, biometric scanning and ID card authentication to secure access to physical services, multiple CAT diesel generators, HVAC cooling systems and early fire warning detection systems to protect against loss of data and storage of data on multiple hard-disks, such as in a RAID 1 or 2 array, to ensure that Infology software continues running with no loss of data or performance in the event of a drive failure. In addition, all documents and data residing with Infology software is backed-up once every 24 hours. Infology-hosted servers sit behind firewalls and are carefully monitored, regulated and patched with security updates.
We expect a similar commitment to best practice from our clients and resellers both by respecting the confidentiality of passwords and access codes and by ensuring their own software and hardware remains updated and secured.