Executive Summary

Robust multi-layered security designed for enterprise scale.This document includes a high-level overview of our information security and policies. Our software is designed with security as a core principle and it is built directly into the foundation of our products from day one.  We have worked closely with top-rated security auditors such as NCC Group and Kudelski Security who conducted a series of security code analyses and pen-testing to ensure our product is secure. Laika Compliance has also audited our operational controls to verify that we comply with the strict requirements of SOC II.

Our infrastructure is hosted on AWS in the EU-West (Ireland) region, which provides robust physical security and compliance with EU data protection regulations. Our IT controls include: restricted access to data is on a “need to know” basis, end-to-end encryption for storage and transmission across all systems, a “release management process” for any software releases, incident management processes, highly available cloud resources, and additional policies, controls, and safeguards described below in this document. We have a strong commitment to transparency and accountability. All of our controls, and policies have been audited and certified for SOC II Type 1 compliance, with periodic testing to ensure ongoing effectiveness.

Additionally, our software undergoes regular [1] security audits and penetration testing by independent experts from NCC Group and Kudelski Security. These audits help io.finnet stay at the forefront of security best practices in the industry.

We have implemented comprehensive data privacy compliance documentation and have appointed a Data Protection Officer to oversee the exercise of users' data privacy rights. Changes to the software, including maintenance activities, are managed in accordance with our SOC II release management process to ensure minimal disruption.

Overall, io.finnet's robust security measures, combined with its commitment to regular audits and compliance, make it a trusted, secure, and reliable platform that meets and exceeds industry standards.

[1] We engage with accredited third-party auditors for a comprehensive review every 12 - 24 months.
TECHNOLOGY & INFRASTRUCTURE
AUDITS & CERTIFICATIONS
SOLUTION ARCHITECTURE
INTERNAL SECURITY PROGRAM
io.finnet also has an organizational structure that establishes, approves, implements, and monitors adherence to an Information Security Program through clear lines of authority and responsibilities. Contact us to learn more about io.finnet Internal Information Security Policy.
BASIC COPYRIGHT NOTICE & DISCLAIMER
© 2021 This presentation is copyright protected. All rights reserved. You may download or print out a hard copy for your private or internal use. You are not permitted to create any modifications or derivatives of this presentation without the prior written permission of the copyright owner.
This presentation is for information purposes only, the opinions expressed in this presentation are solely those of Io FinNet and do not necessarily reflect the views of any third party. All statements made in this presentation are believed to be true and accurate at the time of publication, however, Io FinNet makes no representations or warranties of any kind, express or implied, regarding the completeness, accuracy, reliability, or suitability of the information provided. No reliance should be placed on the information provided herein without independent verification. Any decisions made based on the information presented here are at your own risk. In no event will Io FinNet be liable for any loss or damages of any kind, including any direct, indirect or consequential damages arising out of or in connection with the use of this presentation.