Security and Compliance

IQN processes millions of data transactions annually on behalf of our customers. We take security and compliance very seriously—incorporating multiple layers of security protocols into a comprehensive data security plan.

Home  /  Workforce technology / Security and Compliance

SOC-300x275IQNavigator is the first and only company in the services procurement industry to successfully achieve SSAE 16 Type II SOC 2 and SOC 3 compliance
for Security Principles. We follow standards and guidelines issued by the American Institute of Certified Public Accountants (AICPA) that adhere to the most stringent international standards. IQN’s successful completion of these audits reaffirms annually our commitment to security as a software-as-a-service (SaaS) provider.

IQN is also certified under the Safe Harbor agreement developed by the United States Department of Commerce and the European Commission. An organization certified under the Safe Harbor is deemed to be in compliance with the adequacy privacy standards established by the Directive and implemented in the Member States.

As a data processor, IQN is not required to qualify for Safe Harbor. However, IQN’s Safe Harbor compliance assures customers, suppliers and partners that we are following the highest standards of privacy and security.


icon6IQNavigator’s production data center is just east of Denver, Colorado, within a Tier 3 ViaWest data center. ViaWest is the largest privately owned data center operator in the United States, with more than 20 wholly owned data centers and best-in-class data center operations and security. The disaster recovery environment is also in a Tier 3 ViaWest data center more than 600 miles away in Dallas, Texas.

Both the production and disaster recovery environments are in highly secured and singularly dedicated cages where IQN personnel manage every facet of the infrastructure, including all network devices and servers.

IQN’s data center infrastructure has several key design elements:

Best-of-breed technologies
Only top-tier technology components are used, including: F5 load balancers, Palo Alto firewalls, NetApp storage, Oracle Exadata Database Machines, and Brocade switches and routers. In addition, Verisign extended validation SSL certificates provide a “green-bar” browser experience.

Complete redundancy
All network devices and servers are fully redundant with hot failovers, including the load balancers and firewalls, with sufficient capacity for the failover to take on the full load in the event of a device failure.

Redundant data center services
The data center operator (ViaWest) provides Internet connectivity, power, and cooling—all fully redundant services.

Thorough monitoring
With more than 14 years of experience operating a complex system, IQN has built an extensive array of monitoring capabilities to cover all aspects of the application, the underlying services, and computing resource usage. Many of these alerts enable IQN to make adjustments to the system before end users see any impact, proactively preventing system issues for the highest availability. As a result, IQN has had 99.99% uptime for the last 12 months.

Five-layer physical security

  1. Digital video cameras that cover the entire exterior with onsite and offsite surveillance
  2. 24×7 attended entry to lobby with confirmed named-only access
  3. Isolated perimeter hallway with video camera surveillance
  4. Two-factor scramble pad to data center floor
  5. Locked cage dedicated to IQN

Best-in-class security processes
IQN’s security processes include external security testing of production after every major release and continuous SSAE 16 testing of all security processes.


recover-dataIQNavigator has a fully outlined and tested Disaster Recovery Plan. Database updates are transmitted on an almost continuous basis to the disaster recovery site. In addition, a second backup is performed daily in the production facility and encrypted on tape.

In the event of a disaster to the production facility, all transmitted database changes will be restored as part of the standby databases. Even in a worse-case disaster scenario, IQN customers will have no more than an hour of data loss.

The disaster recovery site is in a secure, raised-floor, climate-controlled data center operated by ViaWest in Dallas, Texas. The Dallas Business facility is a Tier 3, SSAE 16 SOC 1 and SOC 2 Type II audited facility. Access to the collection facilities is limited to the key technical members of the recovery team—Database Administrators, System Administrators, and Technology Executives at IQN.


Taking that last step to ensure our customer data is never compromised, IQN conducts continuous third-party vulnerability testing after every major release.

Related Resources

Get started.