Security

Security is a foundational design principle at IncentIQ, not an afterthought. Incentive compensation data is among the most sensitive information an enterprise manages, and we protect every layer with enterprise-grade controls.

Deployed on ServiceNow's enterprise cloud — ISO 27001 certified data centres with redundant power, cooling, and network connectivity.

• SOC 2 Type II audited infrastructure with 99.9% uptime SLA
• Production environments logically isolated from dev and staging

All customer data is encrypted at rest and in transit using industry-standard algorithms managed through dedicated key management infrastructure.

• AES-256 at rest via dedicated HSM with automated key rotation
• TLS 1.2+ in transit — HTTPS enforced on all endpoints

Access to IncentIQ systems is tightly controlled and continuously monitored across all roles and environments.

• Role-based access control (RBAC) with granular permission sets
• MFA enforced org-wide with SSO/SAML 2.0 and OIDC support
• Least-privilege policy — access auto-revoked on role change

IncentIQ inherits the compliance posture of the ServiceNow Now Platform and maintains its own programme aligned to international standards.

• SOC 2 Type II audited, ISO 27001 aligned, GDPR and CCPA ready
• DPAs and pen test summaries available to enterprise customers under NDA