Workforce Identity
Endpoint Management
Endpoint Detection & Response
Vulnerability Management
Compliance Automation
Trust Center
SOC 2 Type II
Iru’s successful completion of a SOC 2 Type 2 examination of related components and services ensures we maintain a robust set of security controls, policies, and practices. The AICPA’s SOC for Service Organizations Trust Services Criteria regularly validates these protocols through external audits.
Our SOC 2 Type II report is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
ISO 27001
Iru has successfully completed the ISO 27001 certification. The ISO 27001 is the international standard to manage information security. This demonstrates that Iru successfully operates a systematic approach to securing the data of our customers as well as our corporate information, and our commitment to continuous risk management.
Our ISO 27001 certification is available to current and prospective enterprise customers upon request, subject to the appropriate non-disclosure agreements.
Secure development process
Iru uses static (SAST) and dynamic analysis tools (DAST) to improve the security of our development process in the build pipeline. We evaluate source code and dependencies, then combine that evaluation with an analysis of exploitability trends and simple versioning as a function of our Secure-SDLC.
We institute change controls across production environments and security controls as best practices to continuously improve our capability-maturity model.
Regular Penetration Testing
Iru’s environments and products are scanned for vulnerabilities monthly via a reputable third-party platform and daily internally across our development pipelines. External penetration tests are performed a minimum of 2 times per year by a qualified third-party firm.
The results of these scans and tests are integrated into our development workflow to be addressed based on criticality and our vulnerability management policy.
Vulnerability Disclosure / Bug Bounty
Iru maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found.
Security Resources
Iru maintains several additional online resources related to our policies, terms, and practices.