IGNITE IRMRisk Management
Request a demo

Security

Last updated: 1 January 2026

Security is a first-class design goal for IGNITE IRM. This page summarises our platform and website controls and how to reach us about security.

Platform controls

  • Identity & access: enterprise SSO (Microsoft Entra ID, Google, Okta, OIDC, LDAP, SAML) with MFA, and role-based access on the IIA Three Lines model (least privilege by design).
  • Auditability: an append-only audit trail records significant actions for defensible, regulator-ready evidence.
  • Encryption: TLS in transit and encryption at rest; secrets held in a managed vault, never in source code.
  • Tenancy & residency: multi-tenant SaaS with strict per-organisation data scoping, or dedicated single-tenant private-cloud deployment on your chosen cloud/region.
  • Resilience: automated backups with point-in-time recovery and tested restores.
  • Secure SDLC: type-safe codebase, least-privilege database roles, and change-controlled releases.

Website controls

  • Served exclusively over HTTPS with HSTS.
  • A strict Content-Security-Policy, plus clickjacking (frame-ancestors / X-Frame-Options) and MIME-sniffing (X-Content-Type-Options) protections.
  • Restrictive Referrer-Policy and Permissions-Policy; no third-party trackers.

Reporting a vulnerability

We welcome responsible disclosure. If you believe you have found a security issue, please email info@innovacatalyst.com with details and steps to reproduce. Please do not publicly disclose until we have had a reasonable opportunity to remediate. Our machine-readable contact is published at /.well-known/security.txt.

Compliance roadmap

We are progressing our own independent attestations (e.g. SOC 2 / ISO 27001) as part of our product-assurance program. Contact us for the current status and documentation available under NDA.

← Back to home

© 2026 Innovacatalyst Business Solutions. All rights reserved. IGNITE IRM™ is a trademark of Innovacatalyst Business Solutions.