We are all iplicit. Our security is our culture.
We are a "people-first, trust-based work environment." This philosophy is the foundation of our security programme. It's not a policy; it's our "all iplicit" identity.
Security is not a role. It's our collective discipline.
You will not find a 'Message from the CISO' here.
At iplicit, security governance is not siloed in a single role; it is a collective responsibility, embedded from our leadership team to every employee.
We 'train well, set clear goals... and then we get out of their way'. This culture of empowerment and accountability is our strongest defence.
Proof in practice: The iplicit security champions program
To embed security in our DNA, we operate a 'Security Champions Programme.' We identify and train security-minded leaders within every engineering, product, and operations team.
These Champions drive our 'Secure Software Development Lifecycle', conduct threat modelling, and act as the first point of contact, ensuring security expertise is a shared, scalable resource, not a bottleneck.
A partnership in trust: The shared responsibility model
Securing your data is a partnership. Our "Security Architecture Overview" whitepaper clearly defines the responsibilities for securing the cloud (Microsoft Azure), security in the cloud (iplicit's application), and security of your data (You, the Customer). This transparency is core to our model.
iplicit's Responsibility: Security in the cloud
Whilst iplicit has a number of key responsibilities for Security ‘in’ the cloud, we see this as working in partnership with the Customer to ensure there is clarity, transparency and mutual understanding to ensure security is managed appropriately by both iplicit and the Customer as security is a joint effort.
We are responsible for securing the iplicit application code, managing vulnerabilities, implementing end-to-end data encryption, and managing our personnel's privileged access.
Your Responsibility: Security of your data
You are responsible for managing and securing your own user accounts, credentials, and access permissions within the iplicit application, and for securing the endpoints (laptops, phones) your team uses to access the service.
Need more detail?
For specific attestations, like our Penetration Test Summary or a pre-filled security questionnaire, please use our simple 'Trust Request' form. This is a low-friction verification step that avoids legal NDAs for most requests.
