Your Data,
Secure with iCOVER
We don’t just protect data—
we safeguard trust.
At iCOVER, trust is the foundation of everything we do—especially when it comes to background screening and compliance. That’s why we’re committed to maintaining a robust security posture, underpinned by continuous improvement, best-in-class technology, and regular audits.
Our Approach to Data Security
We take a multi-layered, proactive approach to securing personal and confidential information, with a strong focus on reliability, compliance, and IT governance. Our commitment is ongoing, adapting to evolving threats while implementing industry-leading security controls.
Encryption at Every Level
Data at Rest:
- AES-256 Encryption: All data in databases, storage, and backups is encrypted via Amazon Web Services (AWS).
- Client-Specific Encryption: We apply additional encryption aligned with each client’s data retention policy—ensuring even privileged iCOVER users cannot access expired data.
Data in Transit:
- HTTPS Everywhere: All iCOVER web interfaces enforce HTTPS and support TLS 1.2 or higher.
- Secure APIs: All API endpoints require encrypted TLS 1.2+ connections.
Threat Detection & Penetration Testing
We continuously monitor, test, and adapt to stay ahead of the threat landscape:
- Regular external penetration testing
- Automated malware scans for uploaded files
- Internal vulnerability scans and proactive patching
- Web Application Firewall (WAF) to defend against DDoS and common exploits
- Health monitoring and advanced logging for performance and incident analysis
Secure Development, Configuration & Resilience
We integrate security into every stage of our software lifecycle:
- Secure coding practices based on OWASP guidelines
- Rigorous testing and automated security validation in CI/CD pipelines
- Best-practice infrastructure configurations
- Business Continuity Planning (BCP) and Disaster Recovery Programs (DRP) with redundant data stores and automated backups
End-User Protection & Employee Awareness
Security begins from within:
- Encrypted, centrally managed workstations with antivirus protection
- Controlled software installations
- Regular cybersecurity awareness training and phishing simulations
- Use of a corporate password manager for secure credential handling
- Version-controlled document storage with access control, audit trails, and backup
Compliance & Data Privacy
iCOVER meets and exceeds industry standards:
- ISO/IEC 27001 certification across our global offices (France, Bulgaria, Mexico, India, Tunisia, Morocco)
- Hosting within certified data centers located in the European Union
- Full alignment with applicable data protection regulations
iCOVER’s Screening Platform – IRIS
Built for performance, compliance, and security. Backed by secure infrastructure and expert support, IRIS includes:
- Customizable workflows and fast API response times
- Real-time updates and alerts
- Full lifecycle tracking of background checks
- Secure storage of screening data
- 24/7 data access with guaranteed uptime
- Ongoing technical support
Robust Backend Access Governance
We make access management simple and secure:
- Role-Based Access Control (RBAC) with fine-grained permissions
- Automatic expiration of unused user accounts
Secure API Integration
Our APIs are engineered for secure, seamless integration:
- JWT-based authentication to ensure only authorized access
- Encrypted transmission (TLS) to prevent data leaks and MITM attacks
- Comprehensive test coverage and code reviews with security in mind
Security is Not a Feature — It’s Our Foundation
At iCOVER, we believe that true compliance and peace of mind come from transparency, reliability, and security excellence. Whether you’re a client, partner, or candidate—your data is always protected.
Ready to learn more? Contact our team to explore how iCOVER keeps your data secure every step of the way.