System Architecture

Application Layers

Inventory Pro consists of several integrated components organized into distinct layers:

• Web Tier -- Desktop, Mobile, and REST API applications served by IIS. Each handles a different access pattern: full desktop interface, mobile-optimized warehouse operations, and programmatic API access.
• Business Logic -- .NET libraries that handle grid-based bulk operations (receiving, issuing, cycle counts), PDF and barcode generation, Excel/CSV import and export, and core database access.
• Data Tier -- SQL Server databases and file storage for documents, images, and attachments.
• Integration Services -- Scheduled services and real-time connectors for ERP synchronization, EDI document exchange, e-commerce platforms, and other external systems.

Authentication

Inventory Pro supports multiple authentication methods: internal credentials with configurable password policies, SSO via Active Directory or other identity providers, smart card authentication, and OAuth 2.0 for API access. Your team uses the method that fits your existing security infrastructure.

Cloud Hosting

Inventory Pro is hosted in a virtualized Azure environment with application and database servers separated. Each client instance has its own isolated database — data is never commingled between operations. This isolation strengthens security and allows independent recovery if an issue occurs.

Application Servers

Application servers handle web requests and store uploaded files. Data on these servers is backed up regularly and replicated across multiple providers.

Database Servers

Database servers store the majority of your business data. These servers are not accessible from outside the production network*. Databases are backed up continuously, and we can restore to a specific point in time if needed -- for example, after a bad bulk import or an accidental bulk operation.

* Unless required by an integration. In that case, we follow least-privilege practices to lock down the endpoint.

Security

• Encryption in transit -- TLS 1.2+ enforced on all connections, HSTS enabled.
• Encryption at rest -- AES-256 for backups; Azure platform encryption for storage.
• Restricted administration -- Administrative access requires strong authentication and is not exposed to the public internet. Management interfaces are accessible only through secured internal channels.
• Network segregation -- Production and development environments are physically and logically separated. Firewall rules follow least-privilege principles.
• Role-based access control -- Over 290 configurable permissions, warehouse-level restrictions, and per-page security checks within the application.

CISS aligns with NIST Cybersecurity Framework (CSF) 2.0 as our primary security framework, with voluntary alignment toward ISO 27001:2022 and SOC 2 Type II goals. See our Security & Compliance page for application-level controls.

Backup & Recovery

We maintain a multi-tier backup strategy with geographic redundancy:

• Continuous -- Point-in-time recovery with fine-grained granularity for rapid restoration (where supported by deployment).
• Daily -- Full backups to a cloud recovery vault, retained for 30 days.
• Off-platform -- Encrypted daily backups to a separate cloud storage provider with immutable object locking for ransomware protection.
• Air-gapped -- Daily copies transferred to on-premises storage, physically separated from production.

All backup data is encrypted before transmission and at rest. Archival storage retains data for up to 12 months.

Recovery Objectives

Data Ownership

Clients own their data. CISS acts as a custodian on your behalf, not an owner. You can export your data at any time in Excel, CSV, or PDF format through built-in reporting. If you leave, your data goes with you.

We do not sell, rent, or share your data with third parties. Your business data exists solely to run your operations inside Inventory Pro -- it is never used for analytics, advertising, or any purpose outside your account.

For our full data handling practices, see the Privacy & Data Policy.

Self-Hosted Deployment

Inventory Pro can run on your own Windows servers — on-premises or in your cloud. Self-hosted clients manage their own infrastructure, backups, and security. We provide installation docs, recommended configs, and optional consulting. See our documentation for requirements.

Third-Party Components

Inventory Pro uses licensed components from third parties, primarily under MIT, Apache 2.0, and BSD licenses. A full list is available in the License file within your installation. Our cloud infrastructure runs on Microsoft Azure, which holds ISO 27001, SOC 1/2/3, HIPAA, and PCI DSS certifications.