Security
Last updated: 1 January 2026
Security is a first-class design goal for IGNITE IRM. This page summarises our platform and website controls and how to reach us about security.
Platform controls
- Identity & access: enterprise SSO (Microsoft Entra ID, Google, Okta, OIDC, LDAP, SAML) with MFA, and role-based access on the IIA Three Lines model (least privilege by design).
- Auditability: an append-only audit trail records significant actions for defensible, regulator-ready evidence.
- Encryption: TLS in transit and encryption at rest; secrets held in a managed vault, never in source code.
- Tenancy & residency: multi-tenant SaaS with strict per-organisation data scoping, or dedicated single-tenant private-cloud deployment on your chosen cloud/region.
- Resilience: automated backups with point-in-time recovery and tested restores.
- Secure SDLC: type-safe codebase, least-privilege database roles, and change-controlled releases.
Website controls
- Served exclusively over HTTPS with HSTS.
- A strict Content-Security-Policy, plus clickjacking (frame-ancestors / X-Frame-Options) and MIME-sniffing (X-Content-Type-Options) protections.
- Restrictive Referrer-Policy and Permissions-Policy; no third-party trackers.
Reporting a vulnerability
We welcome responsible disclosure. If you believe you have found a security issue, please email info@innovacatalyst.com with details and steps to reproduce. Please do not publicly disclose until we have had a reasonable opportunity to remediate. Our machine-readable contact is published at /.well-known/security.txt.
Compliance roadmap
We are progressing our own independent attestations (e.g. SOC 2 / ISO 27001) as part of our product-assurance program. Contact us for the current status and documentation available under NDA.