Security

Your security is our top priority

At Unily, the security of our clients’ data is of utmost importance. We use the latest technology and processes to ensure your intranet is always secure, so you can rest easy knowing your data is in the right hands.

Keeping your data safe

We know that for many enterprises, your data is your most valuable asset. In the age of GDPR and with the safety and security of data growing ever more important, Unily takes every measure to ensure your intranet is armed with bulletproof security. We strictly adhere to internationally recognized best practices, including ISO 27001 and SOC 2 Type II standards.

Application security

QA

Unily’s team of dedicated QA and security engineers regularly perform thorough reviews and test our code base for security vulnerabilities, ensuring nothing flies under the radar.

Secure Environments

Our development, testing, and staging environments are separated entirely from the Unily production environment. We also ensure that no customer data is ever used in our development, testing, or staging environments.

Vulnerability Analysis

Our internal security team performs regular vulnerability scanning of the application and infrastructure.

Static Code Review

The Unily platform source code is regularly scanned for security threats and is refactored to best practices.

Software security features

Authentication

Unily supports highly secure authentication with OAuth 2.0, the industry-standard protocol for authentication.  

SSO

Single Sign-On (SSO) allows you to securely authenticate your users in your own systems without the need to duplicate login credentials. Unily only provides access to users that have been properly authenticated by you.

Secure Credential Storage

Unily supports a full suite of password management tools including sophisticated password complexity rules, password history lengths, and more. Passwords are securely encrypted, hashed, and salted within the application.

Encryption

At Rest

Unily ensures that customer data is always encrypted while at rest, ensuring your users are secure no matter where they are.

In Transit

The transfer of data between the Unily platform and users is encrypted using HTTPs and TLS, so your data is kept highly secure as users access 

Product security features

Access Control

Access to data within Unily is governed by access rights. Access privileges can be configured and managed through the use of memberships and can be used to define granular access rights.

Content Moderation & Approval

Unily's granular permission structure allows administrators who can author content within varied Content Areas and Categories. The Unily platform can be configured in such a way that users must request approval before publishing their content.

Auto Logout

Unily can be configured to automatically log users out after a period of inactivity.

Auditing

Creation and modification of data stored within Unily are recorded along with access logs for future auditing.

Compliance

SOC 2 Type II

The Unily platform's cloud infrastructure is designed and managed to strictly adhere to security best practices and IT security standards, including SOC1 and SOC2.

ISO 27001

Unily is committed to keeping your data safe and secure, so our cloud infrastructure is designed and maintained to align with best practices, including the internationally recognized standard ISO 27001 certification.

GDPR

The General Data Protection Regulation (GDPR) replaced the Data Protection Directive 95/46/ec in May 2018.

Unily is a data processor for Unily clients, whereby the client themselves are the data controller. The rights and responsibilities of Unily and operational changes to comply with GDPR implemented by Unily as a data processor are documented in full here. Unily enlists Microsoft as a subprocessor as this is where client data is stored as per all client contracts.

Unily will only host client data in data centers agreed with the client in advance. Beyond this, no data is transferred within Unily to other countries.

Infrastructure security

Monitoring

Unily utilizes a variety of automated monitoring systems to provide a high level of service performance and availability. Monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. The tools have the ability to set custom performance metrics thresholds for unusual activity. 

Architecture

The Unily platform is designed with several layers of protection guarding the transfer of data, encryption, network configuration, and application-level control, all of which are distributed across a highly-scalable and secure infrastructure.

Intrusion Detection

Intrusion Detection Systems (IDS) are routinely deployed throughout the Unily infrastructure. Our systems are configured to identify malware infections, cyberattacks, system compromises, policy violations, and various other exposures.

Logical Access

Access to Unily's production environment and network is restricted to a select group of verified employees and is frequently monitored and audited.

Insights for you