All data in transit for external communications is HTTPS traffic encrypted using TLS 1.2 or better. Traffic inside our virtual private cloud (VPC) is encrypted based on the service-specific protocols.

Only Intapp’s Cloud Platform Engineering teams — specifically Intapp’s site reliability engineering (SRE) team and database administrators (DBAs — can access customer data, using Intapp-managed devices, with written consent from the client. Intapp has an internal policy to enforce segregation of duties for our cloud products. Access is provided through time-based privileged identity management (PIM).

Roles and permissions are handled via multiple authentications, including a Bastion host, with virtual private network (VPN) access. Duties are segregated: Logs are inaccessible to Intapp SREs and cloud engineering teams and are instead monitored by Intapp’s security operations center (SOC) Team.

All access and changes are logged internally. Logs are reviewed and monitored by the SOC team and are protected from modification and deletion. Customer data remains in the container in the geographic region the client has chosen.

Intapp’s cloud products have International Organization for Standardization (ISO) 27001/27017/27018/27701 certifications, Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR) certifications, and Asia-Pacific Economic Cooperation (APEC) certifications. System and Organization Controls (SOC) 1 Type 2 and SOC 2 Type 2 reports are also available. The controls in ISO 27018 and ISO 27701 specifically address the handling and protection of personally identifiable information (PII) in cloud solutions. In addition, Intapp provides a clear data processing addendum in its standard contractual clauses.