Security Compliances & Certifications

SOC 2 Compliance

We are SOC 2 compliant. This means we have been voluntarily
audited by an independent AICPA certified third party
organisation. These audits are conducted through several strict
tests and reviews of our measures of Security, Availability,
Confidentiality of Data, Processing Integrity and Privacy.

Initio is SOC 2 compliant since 2022.


ISO 9001 & 27001 Compliance

We enforce strict policies on technical access controls which prohibits employees from accessing any personally identifiable information. Initio is compliant with standards set by ISO 9001 (Global Quality Standard) and ISO 27001 (Security Management Controls).


GDPR compliance

Initio is a GDPR Compliant organisation, meeting the requirements both as a data controller and a data processor.

Initio is GDPR compliant since 2021.


360˚ ellipse_img



In-transit and at-rest encryption

Initio uses 2048-bit key encryption for encrypting the communication between clients and Initio
servers. We regularly test our SSL/TLS configuration against best practices by using the SSL Server
Test tool and ensure that our rating is greater than 'A'.


Built with data residency and on premise deployment in mind

Initio offers hosting options in different geographies around the world to address any data residency
requirements. Initio also manages on premise deployment on client servers.


Automatic backups and redundant servers

All the data from the DB server and other internal services is backed up daily. Apart from these
backups, we also maintain redundant servers in the form of replicas for critical services like


Continuous Vulnerability & Penetration Testing

We continuously monitor for potential vulnerabilities through Continuous Vulnerability & Penetration
Testing. We periodically review and update our code and systems configuration to ensure that your
data is always protected from hackers or any new security threats that open up.


Operational Security Best Practices

There are comprehensive operational security policies in place that include governance on employee
verifications/background checks, IT Assets, access controls, antivirus policies, remote access
policies and remote disablement, password policies, internal access policy and various other risk
mitigation best practices. A copy of our policies may be provided upon request.


Virtual Private Network for inter server communication

All servers of Initio are placed in a virtual private network to provide logical isolation from the
internet at large. We use state-of-the-art, peer-reviewed technologies to achieve this which protects
Initio's servers from Man-in-the-Middle attacks and other potential transport layer security


Session/Activity tracking & Role-based Permission

Initio logs the IP address of every session for your account and actions taken by your users to help
you monitor for suspicious activity. And with the role-based permission you can give selective access
to the functionality and the data within the product to the different users of the team.


Login safeguards

Initio has an SSO with Google, Okta, Microsoft Active Directory and Azure services to be able to
leverage your organization’s centralized identity provider into Initio. Initio automatically locks
accounts for a period of time after failed login attempts.


Password policies

We use the battle-tested, industry standard bcrypt algorithm to securely hash and salt the
password, before saving it in our database. Initio also has provisions to consider password policies
from client specific regulations.