See how Intrro works every Tuesday at 2pm ET

Product
Employee referralsReferral sourcingDiversityReferral AutomationEmployee ExperienceInsightsIntegration for Slack
Personas

Personas

LeadershipTalent OpsRecruiter
PricingCustomers
Resources
Help CenterPodcastBlogToolkite-Book
See Intrro in Action
Company
About usCareersCareers
Get a DemoLog InBook a demo

See how Intrro works every Tuesday at 2pm ET

Pricing
Resources
Help CenterPodcastBlogToolkite-Book
Product
Referral sourcingEmployee referralsDiversityReferral AutomationEmployee ExperienceInsightsIntegration for SlackSee Intrro in Action
Use cases

By Role

LeadershipTalent OpsRecruiter
CustomersSee Intrro in ActionBook a demo
Company
About usCareersCareers
Log InTRY FREE
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept All

Privacy Preference Center

When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.
Reject all cookiesAllow all cookies

Manage Consent Preferences by Category

Essential
Always Active
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Marketing
These cookies are used to make advertising messages more relevant to you and your interests. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Personalization
These cookies may be set through our website by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other websites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Analytics
We use analytics cookies to help us measure how users interact with website content, which helps us customize our websites and application for you in order to enhance your experience.
Confirm my preferences and close
Back to Help Center

Security

Security

What and where does Intrro store the data it collects?

Do you fill out security assessments?

Who is the security contact?

Single Sign-On

User Roles

Passwords

Application Infrastructure

Vulnerability Management

Intrusion Detection and Prevention

Logical Separation

Incident Response

Vulnerability Disclosure

Software Development Life Cycle

Data Encryption

Data Subprocessors

New SCCs & the GDPR

California Consumer Privacy Act

High Availability

Business Continuity

Disaster Recovery

Backups

Physical Security

Security Training

Risk Management

Security Policies

Vendor Management

Confidentiality Agreements

Endpoint Security

SOC 2 Type II

1. Definitions

2. Customer Data subject to EU Data Protection Law

3. Purpose and Scope

4. Security

5. Data Subject Rights

6. Customer Personal Data Breach

7. Sub-Processors

8. Audit

9. Impact Assessment

10. Data Deletion

11. Transfer Mechanisms

12. Customer Data subject to CCPA

13. Customer Data subject to LGPD

14. Customer Responsibilities

15. Liability

16. Term and Termination

17. General

Annex 1A

Annex 1B

Annex 1C

Annex 2

Annex 3

Compliance Documentation

Data Subjects Rights

Consent

Data Breach

Vulnerability Management

Intrro has vulnerability management policies and procedures in place to describe how we monitor for new vulnerabilities, enforce timelines and processes for remediation.

Scanning and detection

Intrro utilizes a number of services to perform internal vulnerability scanning and package monitoring on a continuous basis.

Netsparker

Intrro employs automated and integrated security scans of the web application through Netsparker. Automated scans occur at least daily and any detected vulnerabilities immediately notify the engineering team.

Security advisories

Intrro subscribes to GitHub's security alerts program. If GitHub detects a vulnerability from the GitHub Advisory Database or WhiteSource in one of the web application's dependencies, the engineering team is notified.

AWS Systems Manager

Intrro utilizes AWS Systems Manager for fleet management and endpoint security. AWS Systems Manager automatically scans and detects vulnerabilities on employee hardware and alerts the user on known vulnerabilities and provides guidance on remediation.

Image scanning

Intrro utilizes Amazon ECR image scanning to identify vulnerabilities in container images. Amazon ECR image scanning uses the Common Vulnerabilities and Exposures (CVEs) from the open-source Clair project to scan and alert on known container vulnerabilities.

Vanta

Intrro utilizes Vanta to scan and monitor for package vulnerabilities. Vanta enforces compliance with vulnerability SLAs based on severity.

Severity and timing

Intrro defines the severity of an issue via industry-recognized Common Vulnerability Scoring System (CVSS) scores, which all modern scanning and continuous monitoring systems utilize. The CVSS provides a way to capture the characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Low Severity - 0.1 - 3.9

Low severity vulnerabilities are likely to have very little impact on the business, perhaps because they require local system access.

Medium Severity - 4.0 - 6.9

Medium severity vulnerabilities usually require the same local network or user privileges to be exploited.

High Severity - 7.0 - 8.9

High severity vulnerabilities are typically difficult to exploit but could result in escalated privileges, significant data loss, and/or downtime.

Critical Severity - 9.0 - 10.0

Critical severity vulnerabilities likely lead to root level compromise of servers, applications, and other infrastructure components. If a critical vulnerability cannot be addressed within timelines as defined, an incident response ticket will be opened, documenting what interim remediation has been made.

Remediation process

When a vulnerability is detected and verified, the engineering team will remediate vulnerabilities within the SLA depending on the severity. Compliance of vulnerability SLAs is enforced via Vanta and tracked using JIRA {Atlassian product},

Employee referrals made easy

Intrro - The fastest way to get employee referrals | Product Hunt

Product

  • Referral Automation
  • Employee Experience
  • InsightsDiversity

Resources

  • Help center
  • PodcastBlogToolkite-Book

Company

  • Security
  • Privacy Policy
  • Terms of Service
  • Cookie Policy
  • CareersRefer and earn $1,000
© 2022 Intrro