Compliance Certifications
IFS Ultimo continuously innovates and invests, using best practices and industry standards to achieve compliance with industry-accepted security and privacy frameworks. This helps ensure your data is protected and secure.
Protecting and securing your data
ISO9001:2015
Download certificate.
ISO27001:2022
Download the Certificate and Statement of applicability.
SOC2 Type 2
Security
Your industry has seen rapid development in IT, Infrastructure, Safety measures, and Software. How can you focus on your daily activities while benefiting from the IFS Ultimo Software?
Read more on this page or request our ‘IFS Ultimo in the Cloud’ whitepaper.
Availability & Continuity
IFS Ultimo uses commercially reasonable efforts to provide SaaS with a 99.7% uptime yearly. This is described in our Support Policy.
To ensure continuous availability of your Ultimo environment, we use multiple primary and secondary MS Azure data centers as so-called paired regions set up in countries aligning with applicable legislation.
Disaster recovery is tested at least every six months to ensure availability in the unlikely case of a total site incident. RTOs and RPOs can be found in our Support Policy.
Status
You can see the current status of our service and scheduled maintenance here: IFS Ultimo Status.
Network Security
The IFS Ultimo architecture has been made suitable for MS Azure as a container architecture. To restrict access to sensitive data, all traffic to these resources uses private endpoints and/or restricted public network access. We also use static inbound and outbound [IP addresses](https://developer.ultimo.net/documentation/azure-ip-addresses) to allow customers to configure their firewalls. Nginx is configured to only accept SSL connections. And with security monitoring in place, we ensure a carefree enjoyment of Ultimo software.
We use Azure Defender protection, which provides virus and vulnerability scanning on multiple security levels. Azure DDoS protection has also been deployed to prevent DDoS attacks.
In case of a system alert, events are escalated to our Incident Response Teams, which are trained in security incident response processes.
Encryption
Data is encrypted in transit and at rest. Database data in transit uses TLS 1.2 as a minimum, and database data at rest uses TDE with AES and 3DES. Storage data in transit uses TLS 1.2 as a minimum, and storage data at rest uses AES. For the web application, we use TLS/SSL with only strong ciphers.
Secure Software Development
Development and code reviews are conducted according to the OWASP list, and all engineers, peer developers, and gatekeepers do the code reviews.
IFS Ultimo performs tens of thousands of automated tests before every software release. This is combined with periodic manual tests.
Static source code analysis tools check code complexity, code duplication, agreements concerning style and consistency, and code coverage achieved through unit testing.
Our Quality Assurance teams review and test functionality and code in separate environments from the production environments. After release, we deliver the updated software through our automated pipeline.
Vulnerability Management
The code and used libraries are continuously scanned for security vulnerabilities by specialized external tools like mend.io. In addition to our extensive internal scanning and testing program, third-party security experts perform penetration tests.
Authentication Security
Connection to the corporate network is possible. Integration with your corporate Active Directory is possible with two-factor authentication (SAML2/SSO, WS-Federation). With two-factor authentication, it is harder for attackers to gain access to sensitive content on devices or online accounts.
Pen-testing
Penetration testing of the hosting platform and software security reviews are done yearly by a specialized external party. The infrastructure and the web application of Ultimo have excellent security levels.
Privacy
At IFS Ultimo, your privacy is our priority. We are committed to safeguarding your personal data with transparency, integrity, and robust security measures. Our privacy practices are designed to respect your rights and comply with applicable data protection regulation.
General Data Protection Regulation (GDPR)
We are firmly committed to privacy, security, compliance and transparency. This commitment extends to supporting our customers in meeting UK, EU & US data protection requirements, including those outlined in the General Data Protection Regulation (GDPR).
Data Subject Requests
If an individual wishes to exercise their data protection rights regarding personal data stored or processed by us on behalf of one of our customers within the customer’s Service Data (such as requesting access, correction, amendment, deletion, portability, or restriction of processing), they should direct their inquiry to the subscriber, who acts as the data controller.
Any other request can be sent to info@ultimo.com.
Data Protection Officer
Our Data Protection Officer (DPO) can be reached at info@ultimo.com.
Cookie Policy
On the ultimo.com website, we use cookies to enhance your browsing experience, improve our website, and ensure our website functions effectively. We do not use cookies in our Ultimo product.
Website & Marketing Privacy Policy
Our Website & Marketing Privacy Policy gives you information on how IFS Ultimo collects and uses your personal data through your use of this website, including any data you may provide when you register with us, sign up for our newsletter, purchase a product or services or take part in an online or offline event.
IFS Ultimo Privacy Policy
Where IFS Ultimo acts as a data processor, the IFS Ultimo Privacy Policy is applicable. This policy can be found on ultimo.com/policies/privacy.
The Privacy Policy also gives you information on how IFS Ultimo collects and uses your personal data through your use of the Ultimo.com website, including any data you may provide when you register with us, sign up for our newsletter, purchase a product or services or take part in an online or offline event.
Access management
IFS Ultimo offers a robust suite of access controls and encryption tools to help customers safeguard their information effectively.
Data Hosting Locality
Based on the geolocation of our customers, we have various paired regions for hosting our EAM Software on the MS Azure Platform. Unless instructed otherwise by the customer, the geolocation of the main entity of the customer will be the hosting location (e.g. customer in EU, hosting in EU). MS Azure’s comprehensive security can be found here: Microsoft Trust Center Overview | Microsoft Trust Center.
Privacy by Design & by Default
At IFS Ultimo, we integrate Privacy by Design and by Default into every stage of our development process. This means that privacy considerations are not an afterthought. They are embedded into the core of our products and services from the outset.
Data minimization
IFS Ultimo uses Data Lifecycle Management to ensure only necessary personal data is collected and retained for the purpose of the collection in both its role as data controller and data processor.
Features in IFS Ultimo EAM Software
As a user of IFS Ultimo EAM Software, you have been given various features to be in control of your own data collection and retention. Ask your account manager for more information.