Your Trust is Our Foundation

We're committed to protecting your data, earning your confidence, and delivering a platform you can rely on. Discover our comprehensive approach to security, privacy, and performance.

 

Our Commitment to Trust

What Data We Collect

We are committed to a data-minimization approach. Our Learning Management System (LMS) typically only collects a user's first name, last name, and email address. While our platform is capable of storing additional information, this is not required for standard operation.

Trusted by Experts

Our current security measures have been vetted and passed security scrutiny from a number of government departments and companies based in Australia, New Zealand, Canada and the USA.

Our Secure Infrastructure

Microsoft Azure Blog

Microsoft Azure Hosting
The Intuto platform is now fully hosted on the Microsoft Azure data center. This allows us to leverage Azure’s robust, enterprise-grade security capabilities, which are managed by our partner, Parallo, a Crayon company. This setup ensures high availability, performance, and resilience.

Our Path to SOC 2
We are actively working with a global security company, Drata, to implement the SOC 2 cybersecurity compliance framework. We are approximately 70% through this project, and its completion will allow us to provide a real-time report on our security status, setting us up for independent audits by third-party SOC 2 auditors.

Real-Time Security Status
For a live view of our compliance and security posture, you can visit our public-facing Drata Trust Center: https://app.drata.com/trust/20ad3897-fd67-4e10-a5ca-278d8bbda521

How We Protect Your Data

A Multi-Layered Approach to Security

  • We have implemented multiple layers of security to safeguard your information and our systems.
  • Encryption: All traffic to our platform is secured with HTTPS, and all data stored on our servers is protected with infrastructure encryption.
  • Secure Access: Access to our databases and core services is restricted using Private Endpoints and virtual networks. We use Role-Based Access Control (RBAC) to ensure that only authorized personnel have the necessary permissions.
  • Secret Management: Sensitive information like API keys and connection strings are never stored in our code. Instead, they are securely managed in a dedicated Azure Key Vault.
  • Physical Security: All our data is housed in an ISO 27001-certified data center, ensuring world-class physical security standards.

Public Resources

For more detailed information, please review our official policies and public pages:

Intuto Privacy Policy: https://www.intuto.com/privacy

Intuto Terms of Service: https://www.intuto.com/terms

Intuto Status Page: https://intuto.statuspage.io/

What you can do to protect your data

Cloud-based software that is properly secured and follows current best practices is very safe. It is almost impossible for someone with malicious intent to hack into a system through the application or an infrastructure or application vulnerability. Recently, the overwhelming majority of data breaches are carried out through the practice of "social hacking."

There are several steps your organisation can take to mitigate the risks of a data breach:

  • Each employee should have their own login to the system. Cancel or suspend all employee logins if they are no longer employed or on leave.
  • Employees should not share their passwords with others, including other employees.
  • Employees should update their passwords regularly. (Intuto enforces periodic administrator password updates).
  • Restrict the ability to download (extract or export) sensitive data only to those who need it. Ideally, only one employee should have the ability to export data from the system. Other employees needing extracted data must go through this person and provide a reason for obtaining the exported data.
  • Exported data should only be saved to secured computers.
  • Exported data should be deleted when it is no longer needed.
  • Never send exported data as an email attachment. Always use secure file delivery services.
  • Ensure a data privacy policy is received from any third-party service providers that you need to provide exported data to (such as an events coordinator, trainers, etc.).
  • Do not open email attachments if you do not know or trust the source of the email.
  • Do not install unauthorized software on any computers used to log into the Intuto system.
  • Ensure antivirus software is installed and kept up to date on any computers used to log into the Intuto system.
Trusted by Associations Across North America, Australia, and New Zealand
New Zealand Red Cross Australian Music Therapy Association, AMTA New Zealand Security Association, NZSA Association of Biosafety for Australia & New Zealand, ABSANZ GC_logo_23_long_main Tennis Canada The Australian College of PeriAnaesthesia Nurses, ACPAN Orthoptics Australia College of Emergency Nursing Australasia, CENA

Find Out More.

We'll help you determine whether Intuto is right for you and show you real examples of how associations are using online learning to improve their Member Education programmes.

Request a Demo