We perform regular penetration tests of our services so our IFS Cloud service customers don’t have to.
We engage an independent 3rd party specialist organization to run regular security penetration tests against our Cloud Service in addition to security testing performed earlier in the product lifecycle. These tests cover all software versions current at the time of testing and include all IFS core product modules.
Testing takes place from the internet towards a dedicated, production-grade environment, which is built and maintained using the same architecture, design standards, tooling and processes as all customer environments run by IFS in our cloud.
A formal report is compiled as an output of this testing process, detailing any issues found and assigning an associated risk rating, based on the industry standard CVSSv2 scoring system. Any issues identified are fully analyzed and mitigation and remediation plans produced and implemented. The summary of findings and remediations is available to all IFS Cloud customers upon request.