Ipiphany AI is ISO/IEC 27001 certified and manages information security within a framework based on related standards such as ISO/IEC 27017 (Code of Practice for Information Security Controls Based on ISO/IEC 27001 for Cloud Services) and ISO/IEC 27018 (Protection of Personally Identifiable Information).
Internationally recognized ISO/IEC 27001 is an excellent framework which helps organizations manage and protect their information assets so that they remain safe and secure. It helps you to continually review and refine the way you do this, not only for today, but also for the future. Learn more about ISO 27001 with BSI.
Ipiphany AI is ISO 27001:2013 certified. The certificate is available for download here.
Ipiphany AI always treats customer data as confidential. Ipiphany AI does not access, use or share the information collected from a customer except as set forth in the Terms to carry out its obligations under this agreement, and as per our Privacy Policies.
For information on our legal and privacy terms, please visit:
Ipiphany AI's compliance with security standards and ISO 27001 is reviewed annually by an independent accredited third party. In addition, Ipiphany AI’s security maturity has been reviewed on a number of occasions by third parties including external auditors such as PWC.
For customers based in the EU, or who source data from the EU, we offer a Data Processing Agreement. This defines the terms and conditions (including the incorporation of the European Commission’s Model Contractual Clauses) regarding the processing of personal data that is transferred from an EU to a non-EU jurisdiction, in accordance with the requirements of the GDPR.
Customer initiated security assessments and audits are possible, but will be agreed on a case by case basis and require an independent auditor, in order to protect the confidentiality of customers who are not party to the audit. As these custom audits require effort and carry cost for the customer, Ipiphany AI offers to make a summary of the most recent third-party audits or certifications available instead.
Ipiphany AI has implemented an Information Security Management System (ISMS) that is compliant with ISO 27001, the international standard for information security. This ISMS also aligns with ISO 27017 (Code of Practice for Information Security Controls Based on ISO 27001 for Cloud Services) and ISO 27018 (Protection of Personally Identifiable Information).
The Ipiphany AI Information Security Management System and related controls cover these domains:
This ISMS is reviewed independently on a regular basis to provide for continued effectiveness and accuracy.
If you require additional information on the above security domains, please see below or contact us.
Ipiphany AI has defined its methodology for assessment and treatment of information risks based on the ISO/IEC 27001 standard. Risk assessment and risk treatment are applied to the entire scope of the Information Security Management System (ISMS), i.e. to all information assets within Ipiphany AI or which could have an impact on information security, including customer information.
Ipiphany AI approves and engages with third-party security firms to perform penetration testing that can uncover potential vulnerabilities and improve the overall security of our products and services. Upon receipt of the report provided by the third party, Ipiphany AI documents these vulnerabilities, evaluates the impact and likelihood (risk), and creates a mitigation strategy or remediation plan. Penetration tests are conducted at regular intervals or after every major release.
Other technical compliance activities include:
New vulnerabilities and threats evolve each day, and Ipiphany AI strives to respond quickly to mitigate newly discovered threats. In addition to subscribing to industry-wide vulnerability announcement lists, Ipiphany AI subscribes to the latest security alert lists issued by major security vendors.
Vulnerability and web scans are performed quarterly.
When a significant announced or detected vulnerability puts one of Ipiphany AI's products at risk, the Ipiphany AI CISO and Security Team communicate the vulnerability to the appropriate teams within Ipiphany AI and coordinate the mitigation effort. Vulnerabilities are assessed for risk, and appropriate measures are taken to address the associated risk.
Ipiphany AI scans all inbound and outbound email for known malware threats.
Anti-malware protection mechanisms are implemented for all systems and employee assets (e.g. laptops) commonly affected by malware. Anti-malware protection involves the following:
Ipiphany AI maintains a detailed incident management process which includes the standard phases:
When an incident occurs that impacts Ipiphany AI products or services, the CISO and security team work with the operations and product development teams to identify, mitigate and resolve the issue. Suspected and confirmed security incidents are investigated by security, operations, or support personnel, and appropriate resolution steps are identified and documented. For any confirmed incidents, we will take appropriate steps to minimise product and customer damage or unauthorised disclosure. You will be notified of operational and security incidents in accordance with our Privacy Policy.
We maintain a record of known security incidents that includes description, dates and times of relevant activities, and incident disposition.
Ipiphany AI has developed a comprehensive set of security policies covering a range of topics as part of its ISMS. Ipiphany AI employees are provided with the relevant policies when joining the organisation. The employment contract includes specific clauses stating they have read and agree to comply with these. In addition, the onboarding process for all employees includes specific sections around security and compliance, with more in-depth training provided depending on the specific role.
All employees understand that disciplinary action will be taken for non-compliance.
Ipiphany AI performs background checks for employment purposes. The specific nature and scope of the checks that Ipiphany AI typically seeks include inquiries regarding educational background, work history, and references obtained from professional and personal associates as well as criminal background checks, each as permitted by applicable law. These background check requirements apply to all employees and contractors, including those who will be administering systems or have access to customer information.
All employees have signed Non-Disclosure and Confidentiality agreements before gaining access to our code and data.
When an employee leaves Ipiphany AI, the employee’s manager submits an exiting worker request. Once approved, Ipiphany AI HR initiates an email workflow to inform relevant stakeholders to take specific actions leading up to the employee’s last day. In the event that Ipiphany AI terminates an employee, the HR department sends a similar email notification to relevant stakeholders, including the specific date and time of the employee termination. Ipiphany AI Security then schedules the following actions to help ensure that upon conclusion of the employee’s final day of employment, they can no longer access the Ipiphany AI systems, offices or confidential files:
If required, managers may escort the terminated employee from the Ipiphany AI offices or building.
All staff undergo security awareness training when they join the company to ensure they understand the company security policies and procedures, and the specific security aspects applicable to their role. This training may be repeated if employees change roles or teams, and all employees take part in an annual security training session to update and refresh awareness.
Security awareness training covers these topics:
Role-based security training
Staff receive annual training which has four levels depending on the employee role:
Various teams within Ipiphany AI participate in additional security training, workshops and attend security conferences to increase awareness of how security affects specific roles within the organisation, our products and services, and the company as a whole.
As part of our commitment to the security of our products and services, Ipiphany AI coordinates all security efforts under the role of Chief Information Security Officer (CISO). The office of the CISO coordinates all product and service security initiatives.
The CISO also manages the Operations and Security teams, who securely maintain the infrastructure and environments used to host all company products, and who act as security consultants to Ipiphany AI product development and operations teams. This team is also responsible for assessing and managing security incidents as well as weaknesses and taking any necessary responsive measures.
The team members work with teams and staff members across the business to strive to achieve the right level of security for products and services and advise these teams on security practices for clear and repeatable processes for development, deployment and operations.
A Secure Product Life-cycle provides guidance and requirements for the development of Ipiphany AI software products and services. The objective of the Secure Product Life-cycle is to embed secure processes and practices into the development culture of the organisation. This is done to ensure that information security is accounted for at every phase of the development life cycle, and as a result, the software and systems produced have a high level of security.
The Secure Product Life-cycle (SPLC) covers the following eight stages:
The Secure Product Lifecycle (SPLC) activities include some or all of the following recommended practices, processes and tools depending on the specific Ipiphany AI product:
Additional information about system and application security for Ipiphany AI Products is available in the sections for Ipiphany, TouchpointMX, TouchpointCX/Loyalty+.
Ipiphany AI maintains offices around the world and implements the following processes and procedures company-wide to protect the company against security threats.
Every Ipiphany AI office location employs on-site guards and/or electronic surveillance to protect the premises 24x7. Visitors enter through the front entrance, sign in and out with the receptionist, and are accompanied by an employee at all times while on the premises. Ipiphany AI keeps all server equipment, development machines, phone systems, file and mail servers, and other sensitive systems secured at all times, accessible only by appropriate, authorised staff members.
Ipiphany AI platform networks are segregated into logical zones based on trust level. These zones include a DMZ for public services, an application layer for application services, and a storage layer for databases and related file storage. This segregation is enforced by means such as a combination of VLANs, Security Groups, Network ACLs and/or Local Firewall Policies. Ipiphany AI's office network is logically segregated based on trust level, e.g. office and guest WiFi.
Access to systems and data is tightly controlled.
Employee access to customer data
Ipiphany AI maintains segmented development and production environments, using technical controls to limit network and application-level access to live production systems. Employees have specific authorisations to access development and production systems. Access is given to employees using need-to-know and least-privilege principles. Access rights are reviewed quarterly. Access is secured through multi-factor authentication and encryption in transit. The allocation and use of privileged access rights is restricted and controlled. Privileged access is only granted to employees requiring elevated access to perform their job responsibilities.
Customer data will only be accessed as necessary to resolve a support or service issue.
A robust VPN network is in place for all system administration access. All access for system administration is only available over the VPN network.
Rules governing the installation of software by users have been established and implemented. Employees are restricted from installing software unless duly authorised.
Backup copies of information, software and system images are taken and tested regularly. Backups and restore tests are scheduled according to the availability requirements of the information that is being backed up. The schedule is documented and maintained for all critical Ipiphany AI owned systems and data. Backups are held in a geographically separate location from the source data.
Ipiphany AI uses a robust monitoring solution to proactively monitor the Ipiphany AI systems and networks 24/7 in order to maintain uptime and proactively resolve issues. Each system component is monitored, e.g. for excessive resource usage. Automated notifications are in place to notify Ipiphany AI teams of issues or outages.
Event logs that record user activities, exceptions, faults and information security events are regularly reviewed. This includes system and service logs, as well as application logs of all production systems. A central log server receives all critical system logs, analyses them for unusual events, and alerts Ipiphany AI teams.
Logging facilities and log information are protected against tampering and unauthorised access. Access to the central log server is restricted. Only selected staff can erase logs within the individual systems. Backups of logs are taken as per backup schedule.
System administrator and system operator activities are logged and the logs protected and regularly reviewed. All administrator and operator logs are kept and protected from being deleted or tampered with.
Ipiphany AI's Business Continuity Management Programme works alongside and is embedded in the ISMS. The framework follows the ISO 22301:2012 standard and takes guidance from the BCI good practice guidelines 2018. The programme ensures Ipiphany AI has the ability to rapidly adapt and respond to business disruptions, safeguard people and assets, while maintaining continuous business operations. This is achieved through four principal areas of focus: Business Continuity, Disaster Recovery, Incident Management and Crisis Management. Ipiphany AI maintains its readiness by proactively assessing operational risks, establishing contingency plans, and administering incident response and crisis management training.
Ipiphany AI has established a risk framework (Business Impact Analysis) that accounts for the evaluation of our facilities, technology, applications, data, processes and overall organisation to ensure our risk mitigation strategy operates at multiple levels with broad coverage. The Business Continuity Management Programme includes validation steps to ensure resiliency strategies are effective and meet the policy established by the programme. The validation includes test, exercise, monitoring, internal audit and management review of the Business Continuity Programme, including the BCP and Disaster Recovery plans.
Our Disaster Recovery (DR) programme ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.
In the event of a business disruption, the BCP and DR allow us to continue operations of critical functions. We accomplish this in part by:
Ipiphany, our AI Customer Feedback Analytics tool, uses natural language processing to read and categorise text feedback from sources like reviews, VoC, and surveys to help uncover the impact of issues in the customer’s experience.
We have architected Ipiphany with security considerations at its core. Access to Ipiphany is controlled by a unique user ID that is managed by an administration console, and may be tied into your enterprise directory services. We utilise industry standard software security methodologies for both management and development lifecycles. Data is encrypted in transit, as well as being tracked and monitored throughout its entire lifecycle.
Ipiphany AI utilises best-of-breed hosting through Amazon Web Services (AWS) in a multi data centre configuration to provide you with constantly replicated data backup so your data is available when you need it. Our cloud services are protected, managed and monitored by state of the art solutions. These tools enable us to see exactly what’s happening in the Ipiphany environment, including monitoring of application usage, system activities, and unauthorised intrusion attempts. We employ service clustering and network redundancies to eliminate single points of failure.
Ipiphany is a SaaS application that utilises a multi-tenant architecture to enforce the logical segregation of customer data within a shared application. The architecture is scalable using service clustering and load balancers to eliminate single points of failure.
Active security designed into the application
The Ipiphany application is implemented using a purposely designed secure application framework that ensures that customers can only access data from the logical partitions they own and manage. This is enforced via an application security layer that verifies that all requests for data, and all returned data, belong only to the logical partitions they are authorised to access.
In actively monitoring all requests, the Ipiphany application framework detects in real time any unauthorised attempts to access data or to tamper with credentials. Any such attempts are automatically logged and alerted, and depending on the alert level will result in the user and/or IP address being automatically blocked from access.
In addition, the application framework follows best practice security architecture principles such as:
Network security
Ipiphany networks are configured in line with AWS and industry standard best practice creating a fully redundant and secure network architecture which is designed to mitigate the impact of individual component failure.
Networks are segregated into logical zones based on trust level. This segregation is enforced by utilising a combination of Security Groups, Network ACLs and/or Local Firewall Policies.
Development, testing and production networks are isolated from each other in distinct AWS VPCs.
Data flow
Data flow image
Entitlement and identity management
Ipiphany uses named user licensing. Three types of named user licensing are available.
Application and service entitlement is managed through the Ipiphany Administration area of the Ipiphany Console. Once a user has validated themselves to Ipiphany, they will access the services and data to which their IT administrators have entitled them through the Ipiphany Administration Console. They can then perform whatever actions they have been entitled to.
Access control
Ipiphany includes secure mechanisms for users to set, change and reset their passwords.
Ipiphany ID and Enterprise IDs both leverage modern hash algorithms in combination with password salts. Our product continually monitors user accounts for unusual or anomalous activity and evaluates this information to help quickly mitigate threats to their security and prevent unauthorised access.
These mechanisms manage access in accordance with best practice standards, including:
Secure data storage in AWS
Ipiphany leverages multi-tenant storage. Customer data is stored redundantly on servers across multiple availability zones to ensure high-availability.
All data stored within Ipiphany is protected by Identity and Access Management (IAM) roles within that AWS Region.
Data encryption and secure management
Communications between customers and Ipiphany are encrypted via industry best-practice HTTPS and Transport Layer Security over public networks. All transfer of customer data into or out of Ipiphany occurs over secure channels:
Administrative access to the Ipiphany Console by Ipiphany AI staff is protected by multi-factor authentication.
All server file systems of the Ipiphany platform that hold customer data are encrypted at rest using AWS file system encryption.
Data durability and backup
Ipiphany AI stores all Ipiphany customer data in Amazon S3 and Amazon EBS, which provide storage infrastructure with high durability. This is supported by the usage of 3 Availability Zones (the equivalent of 3 distinct data centres) for the Ipiphany platform.
Data backups are performed daily and stored securely across multiple availability zones in S3, for a period of no less than 3 months.
Data residency and geo-location
All data uploaded into Ipiphany by our customers is held in AWS, with Australia and the US being the primary geo-locations. Customers can choose to locate their data in the US or Australia, with more locations to be added over time.
Data replication for Amazon S3 data objects occurs within the regional cluster where the data is stored and is not replicated to other AWS regions.
To learn more about our third party service providers and their geo-location, please see here.
Data retention and destruction
Ipiphany AI retains data for no longer than three years or as per agreement with the customer. Upon termination of services, Ipiphany AI deletes all customer data. Further, storage media are securely wiped in line with U.S. DoD 5220.22-M as part of the decommission process.
Ipiphany AI physical security is covered under Operational Security here.
As previously covered, components of Ipiphany are hosted on AWS, including Amazon EC2 and Amazon S3. Amazon EC2 is a compute service that provides automatically scalable capacity in the cloud, allowing Ipiphany AI to scale based on customer demand. Amazon S3 is a highly reliable data storage infrastructure for storing any amount of data securely.
AWS security controls and compliance
AWS is compliant with several international security standards which include ISO 27001, SOC2 and others, which are listed here.
Isolation of customer data/Segregation of customers
AWS uses strong tenant isolation security and control capabilities. As a virtualised, multi-tenant environment, AWS implements security management processes and other security controls designed to isolate each customer from other AWS customers. Ipiphany AI uses AWS Identity and Access Management (IAM) to further restrict access to compute and storage instances.
Secure network architecture
AWS employs network devices, including firewalls and other boundary devices, to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, access control lists (ACL), and configurations to enforce the flow of information to specific information system services. ACLs, or traffic flow policies, exist on each managed interface to manage and enforce the flow of traffic.
Network monitoring and protection
AWS uses a variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools help detect unusual or unauthorised activities and conditions at ingress and egress communication points. The AWS network provides significant protection against traditional security issues such as:
AWS monitors electrical, mechanical and life support systems and equipment to help with the immediate identification of service issues. In order to maintain the continued operability of equipment, Amazon performs ongoing preventative maintenance.
You can find more information about AWS security controls and compliance on the Amazon website.
Physical security at AWS
AWS data centre locations (Availability Zones) are built to be independent and physically separated from one another. They are designed to anticipate and tolerate failure while maintaining service levels.
AWS provides physical data centre access only to approved employees on the principle of least privilege, where requests must specify to which layer of the data centre the individual needs access, and are time-bound. Third-party access is requested by approved AWS employees, who must apply for third-party access and provide a valid business justification. Once granted admission, individuals are restricted to areas specified in their permissions. Anyone granted visitor badge access must present identification when arriving on site and is signed in and escorted by authorised staff.
Ipiphany AI employees do not have physical access to the data centre or servers on which Ipiphany is hosted.
Physical access points to server rooms are recorded by Closed Circuit Television Camera (CCTV). Physical access is controlled at building ingress points by professional security staff utilising surveillance, detection systems, and other electronic means. Electronic intrusion detection systems are installed within the data layer to monitor, detect, and automatically alert appropriate personnel of security incidents. Door alarming devices are also configured to detect instances where an individual exits or enters a data layer without providing multi-factor authentication. Alarms are immediately dispatched to 24/7 AWS Security Operations centres for immediate logging, analysis, and response.
Operational support systems are in place to protect the server room and assets. This includes redundant power supply and mechanisms to control climate and maintain an appropriate operating temperature to prevent overheating and reduce the possibility of service outages.
More information about AWS physical and environmental controls is outlined here.
Operational responsibilities of AWS and Ipiphany AI
Amazon operates, manages and controls the components from the hypervisor virtualisation layer down to the physical security of the facilities in which Ipiphany operates. In turn, Ipiphany AI assumes responsibility and management of the guest operating system and application software, as well as the configuration of the AWS-provided security features, e.g. firewalls.
Amazon also operates the cloud infrastructure used by Ipiphany AI to provision a variety of basic computing resources, including processing and storage. The AWS infrastructure includes facilities, network and hardware, as well as the operational software (e.g. host OS, virtualisation software, etc.) that supports the provisioning and use of these resources. Amazon designs and manages AWS according to industry-standard practices as well as a variety of security compliance standards.
TouchpointMX is a powerful, omni-channel marketing platform. It can turn customers from occasional shoppers into loyal brand advocates. This cloud product includes the TouchpointMX Management Console for the management of data and other websites and services depending on the customer’s needs and setup. TouchpointMX can provide email campaigns, microsites, forms, loyalty programmes, surveys, SMS campaigns or custom solutions built on the base of TouchpointMX.
All this is designed with security considerations at its core. Access to data is protected by industry standard software security methodologies for both management and development lifecycles. Data is encrypted in transit, as well as being tracked and monitored throughout its entire lifecycle.
Ipiphany AI utilises best-of-breed hosting for TouchpointMX, in New Zealand via a state-of-the-art data centre and in Australia through Amazon Web Services (AWS). Customers can choose the main location of their data, NZ or AU. Both offer high levels of redundancy, constantly replicated data backup and security managed by an expert team.
TouchpointMX is protected, managed and monitored by state-of-the-art solutions. These tools enable us to see exactly what’s happening in the TouchpointMX environment, including monitoring of application usage, system activities, and unauthorised intrusion attempts. We employ service clustering and network redundancies to eliminate single points of failure.
TouchpointCX and Loyalty+ run on the foundation of TouchpointMX infrastructure and application services. All details about the security in this section also apply to TouchpointCX and Loyalty+.