Incident Tracker

Security Overview - Incident Tracker

Incident records contain sensitive information — staff details, patient events, liability exposures. Here is what we do to keep that data safe.

Hosting & Network

Incident Tracker is hosted on Microsoft Azure in US-based data centers. HTTPS is enforced on all connections, and HTTP Strict Transport Security (HSTS) is enabled to prevent protocol downgrade attacks.

  • Microsoft Azure — enterprise-grade infrastructure with built-in redundancy
  • HTTPS enforced; HSTS enabled site-wide
  • DDoS mitigation active at the network layer
  • Optional IP allowlist available for organizations requiring network-level access restrictions

Identity & Access

Access to incident data is controlled at the user, role, category, and location level. Staff only see what they are authorized to see.

  • SAML 2.0 Single Sign-On — Microsoft Entra (Azure AD) most commonly used; Google and LDAP also supported
  • Role-based access with granular per-category and per-location restrictions
  • SCIM provisioning for automated user management at scale
  • Field-level redactions to hide sensitive data from unauthorized users within an incident

Data Protection

Data is encrypted in transit and at rest. No incident record travels or sits unprotected at any point in the system.

  • TLS 1.2+ enforced for all data in transit
  • AES-256 encryption for data at rest
  • Full audit trail on every action — creates, edits, status changes, and assignments logged with timestamp and user attribution
  • Audit logs are searchable and exportable for compliance reporting

Reliability & Backups

We target 99.95% uptime. Planned maintenance is announced in advance through the application. Current and historical availability is available on our status page.

  • 99.95% uptime target with continuous monitoring
  • Automated backups with geographic redundancy
  • Maintenance windows communicated in-app before any scheduled work
  • Live system status available at all times

Track Record

Incident Tracker has operated since 2003 with no data breaches. Security is reviewed on an ongoing basis, and documentation is available for vendor assessments and security questionnaires. For compliance or security questions, contact our team.

Request a Free Trial

Get full access to Incident Tracker after a short 15-minute web review with our team.