Stack Security

End Users

Security of the stack should start from the requests sent across to the environment, from end users or other systems integrating with Invotra. 

As part of this, we support authenticating users using the SAML 2.0 protocol. Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorisation data between security domains.

SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, that is, an identity provider, and a SAML consumer, that is, a service provider.

SAML 2.0 enables web-based authentication and authorisation scenarios including cross-domain Single Sign On (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user.

If you do not have Single Sign on capabilities, we have ensured that strong password policies are enforced within the Invotra application, with a defined set of criteria to lock and protect user from malicious login attempts.

Administrators

Invotra System Administrators are highly qualified employees who have been security cleared to the level of SC, ensuring your data is handled securely. The administrators are privileged users who accessed encrypted devices to help maintain and optimise the Infrastructure through regular patching and performance optimisation.

Infrastructure

The Invotra infrastructure is hosted in a Virtual Private Cloud with industry standards followed to design, build and maintain the platform. End users access Invotra through TLS, ensuring their connection is protected when accessing the Invotra application. As well as this, within the infrastructure, the data is encrypted at rest to ensure that the stored sensitive data is protected.

Within our delivery pipeline, we have developed automated tests that are constantly checking the code are meets the high security standards that we enforce. As well as this, we engage third party companies to perform IT Health Checks across the platform to ensure we are following the most up to date security trends.