
OneIQ Security, Privacy, and Compliance

How certifications, architecture, and policies safeguard data from collection to collaboration

Written by Phi Team
Updated over 2 weeks ago

OneIQ Security Overview

OneIQ is built on the principle that trust must be earned continuously. Security, privacy, and compliance are embedded into every aspect of our platform—from how data is collected and processed, to how it is stored, accessed, and eventually removed. This article consolidates all of OneIQ’s security practices, certifications, and technical safeguards into a single reference.

Certifications, Compliance, and Independent Validation

  • ISO/IEC 27001 Certification

    OneIQ is ISO/IEC 27001 certified by the British Standards Institution (BSI), Certificate Number IS 714719. Surveillance audits are conducted annually to confirm continuous improvement of our Information Security Management System (ISMS).

  • Patented Secure Data Collaboration

    OneIQ holds U.S. Patent 11,797,701 B1 (October 24, 2023) for Secure Data Collaboration. This technology enforces granular, policy-driven data access within collaborative workspaces. It ensures teams can work across Hybrid IT environments while the originating organization retains full control of its data.

  • GDPR Compliance

    OneIQ complies with the EU General Data Protection Regulation (GDPR) (EU 2016/679). Personal data is collected and processed lawfully, transparently, and for legitimate purposes.

  • Independent Security Testing

    OneIQ engages a leading external security firm—also trusted by defense, finance, and public sector organizations—to conduct annual penetration tests. These cover application and infrastructure layers, validating resilience against current threat vectors.

Platform Architecture and Data Flow

The OneIQ platform has three core components:

  1. OneIQ Pulse – Agentless connector deployed in datacenter, cloud, or cloud-native environments to capture configuration, billing, performance, and network data.

  2. OneIQ Central – Secure data warehouse hosted in Microsoft Azure (Canada Central) with encryption-at-rest.

  3. OneIQ Portal – Browser-based interface providing secure collaborative workspaces with granular access control.

Data lifecycle:

  1. Discovery – OneIQ Pulse discovers target systems using read-only credentials and standard instrumentation (e.g., APIs, hypervisor interfaces, cloud-native telemetry).

  2. Profiling – Configuration, billing, performance, and flow-level network data (e.g., IPFIX, JFlow, NetFlow) are collected.

  3. Encryption at source – Data is encrypted immediately at collection using asymmetric cryptography. Credentials are encrypted with AES-256.

  4. Transfer – Data is uploaded via secure HTTPS channels to OneIQ Central.

  5. Storage – Data is synchronized with private keys located in OneIQ Central and stored on Azure cloud storage with encryption-at-rest.

  6. Analysis – Authorized users access the data via secure workspaces in the OneIQ Portal. Scrambling functions can anonymize identifiers such as IP addresses and hostnames.

  7. Removal – Access can be revoked by detaching an environment from a workspace or deleting it, which removes the associated data.

Application Security

  • Agentless Architecture – No persistent software agents are installed on customer systems, minimizing the attack surface.

  • Secured Credentials – Credentials are encrypted with AES-256, never displayed in plaintext, and never transmitted externally.

  • End-to-End Data Encryption – Encryption applied at collection, in transit (SSL/TLS), and at rest.

  • Digital Signatures – The OneIQ Pulse connector is digitally signed to prevent tampering.

  • Zero Trust Controls – SSL/TLS certificates and SSH host keys must be valid or explicitly trusted before data collection is allowed.

  • Vulnerability Management – Web applications and container images are scanned regularly; vulnerabilities are tracked and remediated as part of the development lifecycle.

  • Automatic Security Updates – Patches and security features are automatically downloaded and applied to OneIQ Pulse.

Infrastructure Security

  • Microsoft Azure Canada Central – OneIQ Central is hosted in Toronto within Azure’s regional infrastructure, leveraging:

    • Azure Firewall

    • Encrypted storage

    • Built-in resilience and compliance features

  • Network Security

    • All communications use SSL/TLS.

    • SSL configurations are validated regularly using Qualys SSL Labs; OneIQ maintains an A+ score.

  • Supplier Security

    • Strict onboarding due diligence for new suppliers.

    • Annual reviews for existing suppliers to confirm alignment with privacy and security standards.

  • Extensive Logging

    • All system and access events are logged.

    • Logs are monitored to detect anomalies, support incident investigations, and enforce accountability.

Organizational Security

  • Information Security Officer (ISO)

    A designated officer is accountable for ISO/IEC 27001 compliance, continuous improvement of security policies, and incident management.

  • Incident Management

    Documented procedures for identifying, containing, and communicating security incidents. Root cause analysis and corrective actions are mandatory.

  • Employee Screening and Agreements

    Criminal record checks and employment verification for new hires. All employees sign confidentiality agreements.

  • Training

    Security training is required at onboarding and refreshed annually.

  • Access Controls

    • SSO integrated with two-factor authentication (2FA) is enforced across all systems.

    • Role-based access policies restrict sensitive functions.

  • Endpoint Security

    • BitLocker disk encryption and endpoint security scanning software on all staff devices.

    • Clear-screen and device lock policies enforced.

Privacy, Collaboration, and Data Sharing

OneIQ’s security model extends beyond technical controls to include collaboration safeguards:

  • Data Scrambling – IP addresses, hostnames, and other identifiers can be anonymized in shared views.

  • Secure Workspaces – Environments can be shared with external collaborators under strict access policies, with chain-of-custody tracking.

  • Granular Controls – Environments, servers, VMs, or entities can be selectively included or excluded in shared analyses.

  • Data Lifecycle Management – Shared observability windows and views can be set to expire automatically, reducing exposure risk.
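The Data Scrambling item above, and the scrambling functions mentioned in the Analysis step of the data lifecycle, can be illustrated with a keyed pseudonymization sketch. This is an added example, not OneIQ's code or a description of its implementation; the per-workspace keys, field names, and token format are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Fields treated as identifiers (assumed names for this sketch).
IP_FIELDS = {"ip", "src_ip", "dst_ip"}
HOST_FIELDS = {"hostname"}

def _token(key: bytes, kind: str, canonical: str) -> str:
    # Keyed HMAC, not a bare hash: the IPv4 space is only 2**32 values,
    # so an unkeyed digest could be reversed by enumerating every address.
    mac = hmac.new(key, f"{kind}:{canonical}".encode(), hashlib.sha256)
    return f"{kind}-{mac.hexdigest()[:16]}"

def scramble_ip(key: bytes, value: str) -> str:
    # Canonicalise first so "2001:DB8::1" and "2001:db8:0:0:0:0:0:1" match.
    addr = ipaddress.ip_address(value.strip())
    return _token(key, f"ipv{addr.version}", addr.compressed)

def scramble_host(key: bytes, value: str) -> str:
    # DNS names are case-insensitive; drop the optional trailing root dot.
    return _token(key, "host", value.strip().rstrip(".").lower())

def scramble_record(key: bytes, record: dict) -> dict:
    """Return a copy safe for a shared view; metrics pass through unchanged."""
    out = {}
    for field, value in record.items():
        if field in IP_FIELDS:
            out[field] = scramble_ip(key, value)
        elif field in HOST_FIELDS:
            out[field] = scramble_host(key, value)
        else:
            out[field] = value
    return out

# Constructed sample data: two flow records that share one server.
WORKSPACE_A_KEY = b"constructed-key-for-workspace-a"
WORKSPACE_B_KEY = b"constructed-key-for-workspace-b"
FLOWS = [
    {"hostname": "DB01.corp.example.", "src_ip": "192.0.2.10",
     "dst_ip": "192.0.2.20", "bytes": 4096},
    {"hostname": "db01.corp.example", "src_ip": "192.0.2.10",
     "dst_ip": "2001:DB8::1", "bytes": 512},
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(scramble_record(WORKSPACE_A_KEY, flow))
```

Within one key the same server always maps to the same token, so shared analyses still correlate across records, while a different key yields unrelated tokens for the same identifiers.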

Security Features Summary

  • ISO/IEC 27001 certified (BSI IS 714719)

  • U.S. Patent 11,797,701 B1 for Secure Data Collaboration

  • GDPR compliance (EU 2016/679)

  • Annual penetration testing and surveillance audits

  • Agentless architecture, reducing system exposure

  • AES-256 encryption for credentials and data

  • Asymmetric encryption for data in transit

  • Secure HTTPS transfer and TLS enforcement

  • A+ SSL Labs rating

  • Azure Canada Central hosting with encryption-at-rest

  • SSO + 2FA for all access

  • BitLocker and endpoint security across staff devices

  • Annual staff security training

  • Extensive logging and incident management framework

Conclusion

OneIQ’s security framework combines independent certifications, patented collaboration technology, rigorous operational policies, and layered technical controls. By integrating application security, infrastructure safeguards, and organizational governance, OneIQ provides a secure and compliant platform for IT visibility and planning.

This model ensures teams can collaborate confidently while maintaining ownership and control of their data at all times.
