Information Security Our Clients Know They Can Trust

Iconixx uses a layered approach of overlapping controls, monitoring, and authentication to ensure the security of every client’s data, our entire network, and all of our system resources. From our technology to the people who handle your data, earning your trust is at the forefront of your designs and policies.

Read more about why you can trust Iconixx.

Read more

Data Center Infrastructure

Iconixx operates a Tier IV, 2N data center with compliance for PCI, HIPAA, and SSAE 16 Type II.

Building Features

  • 190,000 square feet, reinforced poured concrete construction, including the roof, designed to handle winds of 200-plus miles per hour and windows designed to handle an impact of up to 150 miles per hour
  • 61,000 square feet of raised floor (18” to 24”)
  • Redundant HVAC with chilled water and backup chillers located on-site
  • Air-handling monitoring for temperature, air quality, and humidity, 24/7, 365 days a year
  • Smoke sensors above and below the raised floor
  • Multistage production dry pipe system that requires alert from two sensors to activate pipe fill and a final stage, which activates when the temperature exceeds thresholds


  • Dual cabling entrances into the building encased in four feet of concrete
  • Multiple CO redundancy and fiber access to primary carriers that:
    • Run to two different local POPs
    • Are provided by two different carriers


  • Dual power grids from local power company with capacity for four megawatts of power at transformers
  • All power components are:
    • 100 percent redundant (2N)
    • Inside the building, including diesel generators
    • Able to be maintained without loss of power
    • Rotary-based UPS in 2N configuration (no batteries)
  • Three diesel generators (1,250KW each)
  • 6,750 gallons of fuel on-site with refueling contracts
  • All power cabling on floors has waterproof casing with waterproof connectors to all equipment

Physical Security

All Iconixx building entrances require card key access. In addition:

  • Primary computer areas require card key and biometric (IRIScan) authentication.
  • More than 200 closed-circuit cameras cover the outside of the building, all entrances, and computer rooms.
  • All cameras are taped on time-lapse recorders and stored for 90 days.
  • At least two security guards are on-site at any time.
  • The guard station is manned 24/7, 365 days a year, inside a bullet-resistant enclosure.
  • All monitoring and alarm systems are on a UPS system within guard station.

Network Security

All Iconixx firewalls are virtualized, with a redundant pair of Cisco firewalls in failover configuration.

Additional Firewall Security

  • Host-based Intrusion Detection (HIDS)
    • HP OpenView
    • GFI LanGuard
  • Network Intrusion Detection (NID)
  • Common appliance screens all incoming traffic
  • Integrated with reports from firewall and device logs
  • Event correlation and filtering

Database Layers and Isolation

  • Operational data schema
    • Isolated customer schemas
    • Designed and tuned for high transaction volumes
    • Two-phase commit and rollback mechanisms
    • Configurable and extensible
  • Reporting and data mart schema
    • Separate from live calculations
    • Designed for data retrieval performance
    • Compensation, workflow, and HR data
    • Scheduled, automatic population of schema

Internal Authentication

  • Application user accounts are managed directly by customers.
  • All user passwords are encrypted.
  • Password controls include:
    • Minimum length
    • Minimum number of lowercase characters
    • Minimum number of uppercase characters
    • Minimum number of symbols
    • Password expiration period
    • Prior password usage
    • Automated password reset
    • Automated password reset wait period

Single Sign-on

  • Customer-specific Authentication (encrypted URL parameters)
  • SAML 2.0


  • On-demand uploads and downloads via application interface
  • Web services
  • 128-bit encrypted transfers


  • Automated file uploads and downloads
  • 1024-bit encrypted transfers
  • Individual file encryption (like PGP) also supported