We are committed to protecting your data and documents across all dimensions. We have implemented security measures across Infrastructure, Operational and Product Security to provide a fully secure environment for your data and contracts.
IT and Infosec teams love us too, because we are SOC 2 and ISO 27001 certified and GDPR compliant.
We are SOC 2 compliant, which means we have been voluntarily audited by an independent, AICPA-certified third-party organisation. These audits consist of several strict tests and reviews of our controls for Security, Availability, Confidentiality of Data, Processing Integrity and Privacy. Initio has been SOC 2 compliant since 2022.
360˚ Security
In-transit and at-rest encryption
Initio uses TLS with 2048-bit keys to encrypt communication between clients and Initio servers. We regularly test our SSL/TLS configuration against best practices using the SSL Server Test tool and ensure that our rating is greater than 'A'.
Built with data residency and on-premises deployment in mind
Initio offers hosting options in different geographies around the world to address data residency requirements. Initio also manages on-premises deployments on client servers.
Automatic backups and redundant servers
All the data from the DB server and other internal services is backed up daily. Apart from these
backups, we also maintain redundant servers in the form of replicas for critical services like
databases.
Continuous Vulnerability & Penetration Testing
We continuously monitor for potential vulnerabilities through ongoing vulnerability scanning and penetration testing. We periodically review and update our code and system configuration to ensure that your data stays protected from attackers and from newly discovered security threats.
Operational Security Best Practices
There are comprehensive operational security policies in place that include governance on employee
verifications/background checks, IT Assets, access controls, antivirus policies, remote access
policies and remote disablement, password policies, internal access policy and various other risk
mitigation best practices. A copy of our policies may be provided upon request.
Virtual Private Network for inter-server communication
All Initio servers are placed in a virtual private network that logically isolates them from the internet at large. We use state-of-the-art, peer-reviewed technologies to achieve this, which protects Initio's servers from man-in-the-middle attacks and other transport-layer security vulnerabilities.
Session/Activity tracking & Role-based Permissions
Initio logs the IP address of every session on your account and the actions taken by your users, to help you monitor for suspicious activity. With role-based permissions you can give selective access to functionality and data within the product to the different users on your team.
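To make the two ideas in this section concrete, here is an added example (not Initio's code) of what a consumer of such session logs might do with them: a small audit that replays a constructed session log, flags any action a user's role does not permit, and flags a session from an IP address not previously seen for that user. The event format, the role names and the permission mapping are assumptions for illustration.

```python
"""Session/IP audit plus role-based permission checks.

Added example, not Initio's code. The event fields, roles and permissions
below are assumptions chosen for illustration.
"""
from collections import defaultdict

# Hypothetical role -> permission mapping (assumption, not Initio's model)
ROLE_PERMISSIONS = {
    "viewer": {"view_contract"},
    "editor": {"view_contract", "edit_contract"},
    "admin": {"view_contract", "edit_contract", "delete_contract", "manage_users"},
}


def is_allowed(role, action):
    """True when the role's permission set includes the requested action."""
    return action in ROLE_PERMISSIONS.get(role, set())


# Constructed session log (sample data, not real traffic), oldest first.
SESSION_LOG = [
    {"ts": "2024-03-01T09:00:00", "user": "alice", "role": "editor",
     "ip": "203.0.113.10", "action": "view_contract"},
    {"ts": "2024-03-01T09:05:00", "user": "alice", "role": "editor",
     "ip": "203.0.113.10", "action": "edit_contract"},
    {"ts": "2024-03-01T13:00:00", "user": "bob", "role": "viewer",
     "ip": "198.51.100.7", "action": "view_contract"},
    {"ts": "2024-03-01T13:02:00", "user": "bob", "role": "viewer",
     "ip": "198.51.100.7", "action": "delete_contract"},
    {"ts": "2024-03-02T02:30:00", "user": "alice", "role": "editor",
     "ip": "192.0.2.99", "action": "view_contract"},
]


def audit(events):
    """Return a list of (timestamp, user, reason) alerts.

    Two checks are applied to each event in time order:
      * the action must be permitted for the user's role;
      * the source IP must already be known for that user (the user's
        first-ever IP becomes the baseline and is not flagged).
    """
    seen_ips = defaultdict(set)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ip = ev["user"], ev["ip"]
        if seen_ips[user] and ip not in seen_ips[user]:
            alerts.append((ev["ts"], user, f"new IP {ip}"))
        seen_ips[user].add(ip)
        if not is_allowed(ev["role"], ev["action"]):
            alerts.append((ev["ts"], user,
                           f"denied {ev['action']} for role {ev['role']}"))
    return alerts


if __name__ == "__main__":
    for ts, user, reason in audit(SESSION_LOG):
        print(f"{ts} {user}: {reason}")
```

The new-IP check is deliberately simple: it treats a user's first observed address as trusted, so a real deployment would want a baseline window and, for the permission check, enforcement at request time rather than only in an after-the-fact audit.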
Login safeguards
Initio supports SSO with Google, Okta, Microsoft Active Directory and Azure services, so you can use your organization's centralized identity provider with Initio. Initio automatically locks accounts for a period of time after repeated failed login attempts.
Password policies
We use the battle-tested, industry-standard bcrypt algorithm to salt and securely hash each password before saving it in our database. Initio can also accommodate password policies required by client-specific regulations.
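The two safeguards described above, salted password hashing and temporary lockout after failed logins, are shown together in this added example (not Initio's code). It uses PBKDF2-HMAC from the Python standard library as a stand-in for bcrypt, because bcrypt requires the third-party `bcrypt` package; the iteration count, lockout threshold and lockout duration are assumptions, and the `clock` parameter exists only so the lockout window can be exercised without waiting.

```python
"""Salted password hashing plus temporary lockout after repeated failures.

Added example, not Initio's code. PBKDF2-HMAC-SHA256 stands in for bcrypt
(swap in bcrypt.hashpw/bcrypt.checkpw if the package is available). The
constants below are assumptions, not Initio's settings.
"""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000   # assumption; tune to your hardware
MAX_FAILED_ATTEMPTS = 5       # assumption
LOCKOUT_SECONDS = 15 * 60     # assumption


def hash_password(password):
    """Return 'salt_hex$hash_hex' for storage.

    A fresh random salt per password means two users with the same password
    get different stored values, defeating precomputed tables.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Hash verified for unknown usernames so that response time does not reveal
# whether an account exists (constructed placeholder, not a real credential).
_DUMMY_HASH = hash_password("placeholder-not-a-real-password")


class LoginGuard:
    """Per-account failure counter with a timed lockout.

    After MAX_FAILED_ATTEMPTS consecutive failures the account is locked for
    LOCKOUT_SECONDS; even the correct password is refused until then.
    """

    def __init__(self, users, clock=time.monotonic):
        self.users = users          # username -> stored hash string
        self.clock = clock          # injectable for testing
        self.failures = {}          # username -> consecutive failure count
        self.locked_until = {}      # username -> clock value when lock expires

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        if self.locked_until.get(username, 0) > now:
            return "locked"
        stored = self.users.get(username)
        # Always run the hash so timing is the same for unknown users.
        ok = verify_password(password, stored if stored is not None else _DUMMY_HASH)
        ok = ok and stored is not None
        if ok:
            self.failures.pop(username, None)
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] >= MAX_FAILED_ATTEMPTS:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures.pop(username, None)
            return "locked"
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard({"alice": hash_password("correct horse battery")})
    print(guard.login("alice", "correct horse battery"))  # ok
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(guard.login("alice", "wrong"))               # denied ... locked
```

The lockout is keyed on the account, not the source address, so it also limits guessing that is spread across many IPs; the trade-off is that an attacker who knows a username can lock its owner out, which is why the window is short and why many deployments pair this with the session IP logging described earlier.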