Security & Compliance

Key Takeaways

IronWiFi maintains ISO 27001 certification and meets SOC 2 Type II standards, with documented security controls covering data handling, access management, and incident response.
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). RADIUS federation traffic supports RadSec (RADIUS over TLS, defined in RFC 6614) for end-to-end encryption.
IronWiFi is hosted on Google Cloud Platform with multi-region availability, automatic failover, DDoS protection, and 24/7 infrastructure monitoring.
GDPR compliance is built in, including data minimization, purpose limitation, secure deletion, and support for data subject access requests. IronWiFi participates in the EU-US Data Privacy Framework for transatlantic data transfers.
Security vulnerabilities can be reported to security@ironwifi.com with acknowledgement within 24 hours under IronWiFi's responsible disclosure program.

IronWiFi is designed with security at its core. This page documents our compliance certifications (ISO 27001, SOC 2, GDPR), infrastructure security, data protection measures, and vulnerability management practices.

Compliance Certifications

ISO 27001

IronWiFi maintains ISO 27001 certification, demonstrating our commitment to information security management.

We comply with the General Data Protection Regulation for handling EU personal data. See our GDPR Compliance Statement.

EU-US Data Privacy Framework

We participate in the EU-US Data Privacy Framework for transatlantic data transfers, providing enhanced data protection for EU personal data transferred to the United States.

SOC 2

Our infrastructure and processes are designed to meet SOC 2 Type II standards.

Infrastructure Security

Cloud Infrastructure

Hosted on Google Cloud Platform
Multi-region availability
Automatic failover and redundancy
Regular backups

Network Security

DDoS protection
Web Application Firewall (WAF)
Network segmentation
Intrusion detection systems

Physical Security

Data centers with 24/7 security
Biometric access controls
Video surveillance
Environmental controls

Data Security

Encryption

In Transit: TLS 1.2+ for all API, console, and inter-service communications. RADIUS authentication supports EAP-TLS, EAP-TTLS, and PEAP with TLS 1.2+ tunnels as defined in RFC 5216 (EAP-TLS) and RFC 5281 (EAP-TTLS).
At Rest: AES-256 encryption for all stored data, including user credentials, session records, and configuration data.
RADIUS Federation: RadSec (RADIUS over TLS, defined in RFC 6614) encrypts all RADIUS traffic between federation partners, replacing the traditional UDP-based shared-secret authentication with certificate-based mutual TLS.

Access Control

Role-based access control (RBAC)
Multi-factor authentication available
Principle of least privilege
Regular access reviews

Data Handling

Data minimization
Purpose limitation
Secure deletion procedures
Audit logging

Application Security

Secure Development

Secure coding practices
Code review process
Automated security testing
Dependency scanning

Vulnerability Management

Regular vulnerability scans
Penetration testing
Bug bounty program
Rapid patching process

Authentication

Strong password requirements
Secure password storage (bcrypt)
Session management
Brute force protection

Operational Security

Monitoring

24/7 system monitoring
Security event logging
Anomaly detection
Real-time alerting

Incident Response

Documented incident response plan
Trained response team
Regular tabletop exercises
Post-incident reviews

Business Continuity

Disaster recovery plan
Regular backup testing
Geographic redundancy
Defined RTO and RPO

Employee Security

Background Checks

Pre-employment screening
Regular re-verification

Training

Security awareness training
GDPR training
Phishing simulations
Role-specific training

Access Management

Need-to-know access
Regular access reviews
Immediate revocation upon termination

Third-Party Security

Vendor Assessment

Security questionnaires
Due diligence process
Contractual requirements
Regular reviews

Sub-Processors

We carefully vet all sub-processors for security compliance.

Reporting Security Issues

Responsible Disclosure

If you discover a security vulnerability:

Email: security@ironwifi.com
Do not publicly disclose until resolved
Provide detailed reproduction steps

Response

We will:

Acknowledge within 24 hours
Investigate promptly
Keep you informed of progress
Credit researchers (if desired)

Security Documentation

Available upon request:

Security whitepaper
Penetration test summaries
Compliance certifications
Data Processing Agreement

Contact security@ironwifi.com for security-related inquiries.

Was this page helpful?

Compliance Certifications​

ISO 27001​

GDPR​

EU-US Data Privacy Framework​

SOC 2​

Infrastructure Security​

Cloud Infrastructure​

Network Security​

Physical Security​

Data Security​

Encryption​

Access Control​

Data Handling​

Application Security​

Secure Development​

Vulnerability Management​

Authentication​

Operational Security​

Monitoring​

Incident Response​

Business Continuity​

Employee Security​

Background Checks​

Training​

Access Management​

Third-Party Security​

Vendor Assessment​

Sub-Processors​

Reporting Security Issues​

Responsible Disclosure​

Response​

Security Documentation​

Related Topics​