OneIQ Security Overview
OneIQ is built on the principle that trust must be earned continuously. Security, privacy, and compliance are embedded into every aspect of our platform—from how data is collected and processed, to how it is stored, accessed, and eventually removed. This article consolidates all of OneIQ’s security practices, certifications, and technical safeguards into a single reference.
Certifications, Compliance, and Independent Validation
ISO/IEC 27001 Certification
OneIQ is ISO/IEC 27001 certified by the British Standards Institution (BSI), Certificate Number IS 714719. Surveillance audits are conducted annually to confirm continuous improvement of our Information Security Management System (ISMS).
Patented Secure Data Collaboration
OneIQ holds U.S. Patent 11,797,701 B1 (October 24, 2023) for Secure Data Collaboration. This technology enforces granular, policy-driven data access within collaborative workspaces. It ensures teams can work across Hybrid IT environments while the originating organization retains full control of its data.
GDPR Compliance
OneIQ complies with the EU General Data Protection Regulation (GDPR) (EU 2016/679). Personal data is collected and processed lawfully, transparently, and for legitimate purposes.
Independent Security Testing
OneIQ engages a leading external security firm—also trusted by defense, finance, and public sector organizations—to conduct annual penetration tests. These cover application and infrastructure layers, validating resilience against current threat vectors.
Platform Architecture and Data Flow
The OneIQ platform has three core components:
OneIQ Pulse – Agentless connector deployed in datacenter, cloud, or cloud-native environments to capture configuration, billing, performance, and network data.
OneIQ Central – Secure data warehouse hosted in Microsoft Azure (Canada Central) with encryption-at-rest.
OneIQ Portal – Browser-based interface providing secure collaborative workspaces with granular access control.
Data lifecycle:
Discovery – OneIQ Pulse discovers target systems using read-only credentials and standard instrumentation (e.g., APIs, hypervisor interfaces, cloud-native telemetry).
Profiling – Configuration, billing, performance, and flow-level network data (e.g., IPFIX, JFlow, NetFlow) are collected.
Encryption at source – Data is encrypted immediately at collection using asymmetric cryptography. Credentials are encrypted with AES-256.
Transfer – Data is uploaded via secure HTTPS channels to OneIQ Central.
Storage – Data is synchronized with private keys located in OneIQ Central and stored on Azure cloud storage with encryption-at-rest.
Analysis – Authorized users access the data via secure workspaces in the OneIQ Portal. Scrambling functions can anonymize identifiers such as IP addresses and hostnames.
Removal – Access can be revoked by detaching an environment from a workspace or deleting it, which removes the associated data.
Application Security
Agentless Architecture – No persistent software agents are installed on customer systems, minimizing the attack surface.
Secured Credentials – Credentials are encrypted with AES-256, never displayed in plaintext, and never transmitted externally.
End-to-End Data Encryption – Encryption applied at collection, in transit (SSL/TLS), and at rest.
Digital Signatures – The OneIQ Pulse connector is digitally signed to prevent tampering.
Zero Trust Controls – SSL/TLS certificates and SSH host keys must be valid or explicitly trusted before data collection is allowed.
Vulnerability Management – Web applications and container images are scanned regularly; vulnerabilities are tracked and remediated as part of the development lifecycle.
Automatic Security Updates – Patches and security features are automatically downloaded and applied to OneIQ Pulse.
Infrastructure Security
Microsoft Azure Canada Central – OneIQ Central is hosted in Toronto within Azure’s regional infrastructure, leveraging:
Azure Firewall
Encrypted storage
Built-in resilience and compliance features
Network Security
All communications use SSL/TLS.
SSL configurations are validated regularly using Qualys SSL Labs; OneIQ maintains an A+ score.
Supplier Security
Strict onboarding due diligence for new suppliers.
Annual reviews for existing suppliers to confirm alignment with privacy and security standards.
Extensive Logging
All system and access events are logged.
Logs are monitored to detect anomalies, support incident investigations, and enforce accountability.
Organizational Security
Information Security Officer (ISO)
A designated officer is accountable for ISO/IEC 27001 compliance, continuous improvement of security policies, and incident management.
Incident Management
Documented procedures cover identifying, containing, and communicating security incidents. Root cause analysis and corrective actions are mandatory.
Employee Screening and Agreements
Criminal record checks and employment verification are performed for new hires. All employees sign confidentiality agreements.
Training
Security training is required at onboarding and refreshed annually.
Access Controls
SSO integrated with two-factor authentication (2FA) is enforced across all systems.
Role-based access policies restrict sensitive functions.
Endpoint Security
BitLocker disk encryption and endpoint security scanning software are in place on all staff devices.
Clear-screen and device lock policies are enforced.
Privacy, Collaboration, and Data Sharing
OneIQ’s security model extends beyond technical controls to include collaboration safeguards:
Data Scrambling – IP addresses, hostnames, and other identifiers can be anonymized in shared views.
Secure Workspaces – Environments can be shared with external collaborators under strict access policies, with chain-of-custody tracking.
Granular Controls – Environments, servers, VMs, or entities can be selectively included or excluded in shared analyses.
Data Lifecycle Management – Shared observability windows and views can be set to expire automatically, reducing exposure risk.
Security Features Summary
ISO/IEC 27001 certified (BSI IS 714719)
U.S. Patent 11,797,701 B1 for Secure Data Collaboration
GDPR compliance (EU 2016/679)
Annual penetration testing and surveillance audits
Agentless architecture, reducing system exposure
AES-256 encryption for credentials and data
Asymmetric encryption for data in transit
Secure HTTPS transfer and TLS enforcement
A+ SSL Labs rating
Azure Canada Central hosting with encryption-at-rest
SSO + 2FA for all access
BitLocker and endpoint security across staff devices
Annual staff security training
Extensive logging and incident management framework
Conclusion
OneIQ’s security framework combines independent certifications, patented collaboration technology, rigorous operational policies, and layered technical controls. By integrating application security, infrastructure safeguards, and organizational governance, OneIQ provides a secure and compliant platform for IT visibility and planning.
This model ensures teams can collaborate confidently while maintaining ownership and control of their data at all times.