Trust Center

Built on trust. Audited continuously.

Everything you need to evaluate ICI TECH's security posture — certifications, architecture, sub-processors, and our incident response approach.

SOC 2 Type IIISO 27001HIPAAGDPRPCI DSS

How we protect customer data.

Six pillars of our security program.

Encryption everywhere

TLS 1.2+ in transit for every request. AES-256 at rest. Key management with HSM-backed envelope encryption.

Least privilege, always

Every internal access to customer data is just-in-time, approved, audited, and time-bound. Hardware key MFA required.

Customer data isolation

Tenant data is logically isolated at every layer — directory, audit log, queues, and storage.

Continuous monitoring

Behavioral anomaly detection, drift alerts on production changes, and a 24/7 on-call SOC.

Incident response

Documented runbooks, customer notification SLAs in the DPA, and post-mortems published to customers within 30 days.

Resilient architecture

Active-active across multiple AWS regions; RPO < 1 minute, RTO < 15 minutes for the core directory.

Certifications & compliance.

All audits are conducted annually by independent third parties.

SOC

SOC 2 Type II

Annual audit by an independent firm covering security, availability, and confidentiality.

ISO

ISO 27001

Information security management system, audited against the ISO/IEC 27001:2022 standard.

ISO

ISO 27017

Cloud-specific controls layered on top of ISO 27001.

ISO

ISO 27018

Personal data protection in cloud environments.

HIPAA

Business Associate Agreement available for healthcare customers.

HITRUST

HITRUST CSF

Healthcare-focused security and privacy framework, certified annually.

GDPR

GDPR + UK GDPR

Data Processing Agreement available; EU/UK-specific contractual addenda included.

CCPA

CCPA / CPRA

Privacy controls and data subject rights for California residents.

PCI

PCI DSS Level 1

Service provider compliance for customers processing payment card data via ICI TECH.

Sub-processors.

Service providers we use to deliver ICI TECH. We notify customers 30 days before adding any new sub-processor.

Provider	Purpose	Region
Amazon Web Services	Compute, storage, networking	Global
Cloudflare	DDoS mitigation, edge delivery	Global
Datadog	Application telemetry & alerting	US / EU
Stripe	Billing & payment processing	US
Resend	Transactional email delivery	US / EU
Sentry	Error tracking	US / EU
Vercel	Marketing site hosting	Global edge
Anthropic	Aria AI assistant (no customer data trained on)	US

To subscribe to sub-processor change notifications, email security@icitech.example.

Reports & documentation.

SOC 2 Type II report

Request our latest report under NDA.

Request report →

ISO 27001 certificate

Public-facing certificate (PDF).

Download →

Data Processing Agreement

Standard contractual clauses + addenda.

Download DPA →

Security whitepaper

Architecture, controls, and threat model.

Read whitepaper →

Responsible disclosure

Find a vulnerability?

We pay bounties and credit researchers publicly. Initial response within 24 hours; coordinated disclosure timelines on every report.

Email: security@icitech.example
PGP key: available on request via security@icitech.example
Hall of fame: we credit every researcher who reports a valid issue

Ready to unify your IT with ICI TECH?

Talk to our team about identity, access, and device management built for your workforce.

Provider

Purpose

Region

Amazon Web Services

Compute, storage, networking

Global

Cloudflare

DDoS mitigation, edge delivery

Global

Datadog

Application telemetry & alerting

US / EU

Stripe

Billing & payment processing

Resend

Transactional email delivery

US / EU

Sentry

Error tracking

US / EU

Vercel

Marketing site hosting

Global edge

Anthropic

Aria AI assistant (no customer data trained on)