At Unily, the security of our clients’ data is of utmost importance. We use the latest technology and processes to ensure your intranet is always secure, so you can rest easy knowing your data is in the right hands.
We know that for many enterprises, your data is your most valuable asset. In the age of GDPR and with the safety and security of data growing ever more important, Unily takes every measure to ensure your intranet is armed with bulletproof security. We strictly adhere to internationally recognized best practices, including ISO 27001 and SOC 2 Type II standards.
Unily’s team of dedicated QA and security engineers regularly perform thorough reviews and test our code base for security vulnerabilities, ensuring nothing flies under the radar.
Our development, testing, and staging environments are separated entirely from the Unily production environment. We also ensure that no customer data is ever used in our development, testing, or staging environments.
Our internal security team performs regular vulnerability scanning of the application and infrastructure.
The Unily platform source code is regularly scanned for security threats and is refactored to best practices.
Unily supports highly secure authentication with OAuth 2.0, the industry-standard protocol for authentication.
Single Sign-On (SSO) allows you to securely authenticate your users in your own systems without the need to duplicate login credentials. Unily only provides access to users that have been properly authenticated by you.
Unily supports a full suite of password management tools including sophisticated password complexity rules, password history lengths, and more. Passwords are securely encrypted, hashed, and salted within the application.
Unily ensures that customer data is always encrypted while at rest, ensuring your users are secure no matter where they are.
The transfer of data between the Unily platform and users is encrypted using HTTPs and TLS, so your data is kept highly secure as users access
Access to data within Unily is governed by access rights. Access privileges can be configured and managed through the use of memberships and can be used to define granular access rights.
Unily's granular permission structure allows administrators who can author content within varied Content Areas and Categories. The Unily platform can be configured in such a way that users must request approval before publishing their content.
Unily can be configured to automatically log users out after a period of inactivity.
Creation and modification of data stored within Unily are recorded along with access logs for future auditing.
The Unily platform's cloud infrastructure is designed and managed to strictly adhere to security best practices and IT security standards, including SOC1 and SOC2.
Unily is committed to keeping your data safe and secure, so our cloud infrastructure is designed and maintained to align with best practices, including the internationally recognized standard ISO 27001 certification.
The General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/ec in May 2018.
Unily is a data processor for Unily clients, whereby the client themselves are the data controller. The rights and responsibilities of Unily and operational changes to comply with GDPR implemented by Unily as a data processor are documented in full here. Unily enlists Microsoft as a subprocessor as this is where client data is stored as per all client contracts.
Unily will only host client data in data centers agreed with the client in advance. Beyond this, no data is transferred within Unily to other countries.
Unily utilizes a variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity.
The Unily platform is designed with several layers of protection guarding the transfer of data, encryption, network configuration, and application-level control, all of which are distributed across a highly-scalable and secure infrastructure.
Intrusion Detection Systems (IDS) are routinely deployed throughout the Unily infrastructure. Our systems are configured to identify malware infections, cyberattacks, system compromises, policy violations, and various other exposures.
Access to Unily's production environment and network is restricted to a select group of verified employees and is frequently monitored and audited.