Security & Compliance

IronWifi is designed with security at its core. This page documents our compliance certifications (ISO 27001, SOC 2, GDPR), infrastructure security, data protection measures, and vulnerability management practices.

Compliance Certifications

ISO 27001

IronWifi maintains ISO 27001 certification, demonstrating our commitment to information security management.

We comply with the General Data Protection Regulation for handling EU personal data. See our GDPR Compliance Statement.

Privacy Shield

We participate in the EU-US Privacy Shield Framework for transatlantic data transfers.

SOC 2

Our infrastructure and processes are designed to meet SOC 2 Type II standards.

Infrastructure Security

Cloud Infrastructure

Hosted on Google Cloud Platform
Multi-region availability
Automatic failover and redundancy
Regular backups

Network Security

DDoS protection
Web Application Firewall (WAF)
Network segmentation
Intrusion detection systems

Physical Security

Data centers with 24/7 security
Biometric access controls
Video surveillance
Environmental controls

Data Security

Encryption

In Transit: TLS 1.2+ for all communications
At Rest: AES-256 encryption for stored data
RADIUS: Support for RadSec (RADIUS over TLS)

Access Control

Role-based access control (RBAC)
Multi-factor authentication available
Principle of least privilege
Regular access reviews

Data Handling

Data minimization
Purpose limitation
Secure deletion procedures
Audit logging

Application Security

Secure Development

Secure coding practices
Code review process
Automated security testing
Dependency scanning

Vulnerability Management

Regular vulnerability scans
Penetration testing
Bug bounty program
Rapid patching process

Authentication

Strong password requirements
Secure password storage (bcrypt)
Session management
Brute force protection

Operational Security

Monitoring

24/7 system monitoring
Security event logging
Anomaly detection
Real-time alerting

Incident Response

Documented incident response plan
Trained response team
Regular tabletop exercises
Post-incident reviews

Business Continuity

Disaster recovery plan
Regular backup testing
Geographic redundancy
Defined RTO and RPO

Employee Security

Background Checks

Pre-employment screening
Regular re-verification

Training

Security awareness training
GDPR training
Phishing simulations
Role-specific training

Access Management

Need-to-know access
Regular access reviews
Immediate revocation upon termination

Third-Party Security

Vendor Assessment

Security questionnaires
Due diligence process
Contractual requirements
Regular reviews

Sub-Processors

We carefully vet all sub-processors for security compliance.

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability:

Email: security@ironwifi.com
Do not publicly disclose until resolved
Provide detailed reproduction steps

Response

We will:

Acknowledge within 24 hours
Investigate promptly
Keep you informed of progress
Credit researchers (if desired)

Security Documentation

Available upon request:

Security whitepaper
Penetration test summaries
Compliance certifications
Data Processing Agreement

Contact security@ironwifi.com for security-related inquiries.

Compliance Certifications​

ISO 27001​

GDPR​

Privacy Shield​

SOC 2​

Infrastructure Security​

Cloud Infrastructure​

Network Security​

Physical Security​

Data Security​

Encryption​

Access Control​

Data Handling​

Application Security​

Secure Development​

Vulnerability Management​

Authentication​

Operational Security​

Monitoring​

Incident Response​

Business Continuity​

Employee Security​

Background Checks​

Training​

Access Management​

Third-Party Security​

Vendor Assessment​

Sub-Processors​

Reporting Security Issues​

Responsible Disclosure​

Response​

Security Documentation​