Security and Data Governance

Innovating Project Management While Ensuring Top-Tier Data Security

In addition to creating the world’s most advanced project controls solutions, InEight is dedicated to protecting all the data that our customers upload to our products, in accordance with industry best standards and practices. Our customers demand the highest levels of data security, and we strive to meet the expectations with a well-defined and maintained Information Security Management System.

Your Data, Protected

We recognize that our customers’ data must be well managed, controlled, and protected. To that end, we have a dedicated security team that oversees InEight’s information security program, which encompasses:

  • High-quality network security
  • Application security
  • Identity and access controls
  • Change management
  • Vulnerability management
  • Regular pen-testing
  • Log/event management
  • Vendor risk management
  • Physical security
  • Endpoint security
  • Governance & compliance
  • People/HR security
  • Disaster recovery
  • Intrusion detection

INEIGHT SECURITY CERTIFICATIONS

Protection and
Peace of Mind

Our next generation firewalls are equipped with Intrusion Detection and Intrusion Prevention technologies along with Geographic Blocking capabilities to protect our networks and systems. InEight performs regular internal and external scans to quickly identify and patch any exposed vulnerabilities. InEight conducts regular internal penetration tests and also utilizes a third-party for an annual penetration test. We store data at a specific Azure Data Center located within the region chosen by the customer, giving them full control and peace of mind.

End-to-End Encryption

System access is restricted to specific individuals based on “Least Privileged Access” principles and monitored and audited for compliance. We use Transport Layer Security (TLS) encryption (also known as HTTPS/TLS) for all customer data transfers, and customers can rest easy knowing that our solutions are hosted in Microsoft’s Azure Cloud Platform and all data is encrypted. In addition, all access to the application interface is controlled by the customer via the customer-maintained Azure AD for authentication and the customers own role assignments for each user. InEight maintains no direct application access to any customer data. Infrastructure access on the back-end is least privileged and audited.

Rigorous Security Compliance

Azure is independently audited using the ISO 27001 and SOC-2 Type II Standards as described here. To ensure that we maintain the highest possible levels of information security, InEight is ISO 27001 and ISO 27701 certified along with SOC 1 Type 2 and SOC 2 type 2 compliant. InEight has procured the auditing services of reputable third-party auditors and audits its information security practices annually under the ISO 27001 Standard along with SOC 2 Type 2 compliance. We have maintained both ISO 27001 and SOC 2 since 2019 and have just recertified for 2025, starting our third 3-year evolution and added the ISO 27701 for Privacy and the SOC 1 Type 2 compliance for financial reporting.

FedRAMP Approval

InEight began pursuing FedRAMP approval on April 1, 2024, as part of its dedication to providing top-tier security and compliance for its federal clients. The application for approval supports the increased focus on construction investment and digital transformation in the U.S. government, driven in part by the $1.2 trillion spending authorized by the 2021 Infrastructure Investment and Jobs Act. InEight is on track to receive FedRAMP Moderate Equivalency by May 2025.