Security at ICI TECH
Last updated May 15, 2026
Security is core to what we ship. This page summarizes how we protect your data, the certifications we hold, and how to responsibly report vulnerabilities.
1. Compliance & certifications
- SOC 2 Type II (annual)
- ISO 27001 + ISO 27017 + ISO 27018
- HIPAA + HITRUST
- GDPR + CCPA + UK GDPR
- PCI DSS Level 1 (as a service provider)
2. Infrastructure
ICI TECH runs on AWS across multiple regions with active-active failover. Customer data is isolated per tenant. All data in transit is protected with TLS 1.2+; all data at rest is encrypted with AES-256, with HSM-backed key management.
3. Access controls
Internal access to customer data is governed by the same just-in-time access controls we sell — least privilege, time-bound, with full audit. All production access requires hardware key MFA and an approver.
4. Vulnerability disclosure
If you've found a security issue in ICI TECH, please report it to security@icitech.example. We respond to all reports within 24 hours and credit researchers in our public hall of fame.
5. Sub-processors
A current list of sub-processors is available on request. We notify customers via email at least 30 days before adding a new sub-processor.
Questions about this document? Email us at legal@icitech.example.
