The safety of our customer’s data is at the forefront of our business.
Application security
Process transparency (logs)
Digitization with Itiner Platform stands for traceability and 100% transparency. Thanks to detailed logging and analysis of all actions, you always have full control over workflow steps, user actions, document versions, changes and processes.
Communication encryption
The entire data traffic takes place via HTTPS with TLS encryption. This prevents critical data such as passwords and financial information from being captured. All customer data is secured via VPN. In addition, technologies such as HSTS protect the cloud services, for example, against downgrade attacks and cookie hijacking.
Confidentiality & access control
Access to documents and workflow information is based on a complex permissions structure. This way, you can manage and control which employees receive which permissions for reading, saving, processing, exporting, editing or even deleting data. As a result, you can organize all your operations in a way that keeps your data and documents confidential and protected.
Secure software development
We have a well-established change management cycle that ensures all code changes undergo a rigorous authorization, testing, and verification process before being deployed to the production environment. This ensures that only authorized and thoroughly validated code modifications are implemented.
SOC 2 type II compliance
Itiner Platform has passed a SOC 2 Type II audit, confirming that it meets various criteria for safeguarding customer data. An independent external auditor has verified the effectiveness of the controls.
Automated code deployment
Our CICD pipeline enables secure and automated code movement without manual interventions. It ensures smooth integration, deployment, and adherence to predefined security protocols, enhancing efficiency and reliability.
Independent testing
Itiner Platform is tested regularly and certified by independent third-party institutions. The objective audits focus on security as well as processes.
The product and the company comply with international, national and industry standards.
Document encryption
All documents are stored with encryption, the standard for top-secret documents with the highest level of secrecy. For maximum protection, Itiner Platform relies on a key size of 128 bits, with symmetrical keys of 1024 bits. A new symmetrical key is generated for every document. This means that patterns cannot be recognized or keys calculated even with crypto analysis.
Authentication
Itiner Platform incorporates a comprehensive password policy to ensure strong, secure passwords. It supports Single Sign-On (SSO) for a seamless user experience, allowing users to access multiple applications with a single set of credentials. Integration with Microsoft or Google authentication provides users with additional convenience and security, leveraging their existing accounts for access.
Code reviews
We adhere to secure coding practices throughout the development process and employ stringent quality gating measures, including static code analysis, to ensure the highest level of code integrity.
Artifical intelligence
Your data is never used to train AI models. Any data read or created by a workflow is exclusive to that particular workflow instance and cannot be accessed otherwise, even from within the same organization.
GDPR compliance
The General Data Protection Regulation (GDPR) is an EU law designed to protect the privacy of individuals and businesses in the EU economic area. It establishes rules for how personal data is collected and handled. Read our GDPR statement
Organizational Security
BUSINESS CONTINUITY
Itiner Digirtal has robust Business Continuity Planning (BCP) guaranteeing uninterrupted service delivery, mitigating risks, and enabling swift recovery from potential disruptions or unforeseen events.
THIRD PARTY SECURITY ASSESSMENT
We conduct security assessments of third-party vendors and review their contracts for security and data protection clauses. We obtain third-party audits or certifications for compliance validation and have a process to assess and manage security risks associated with third-party dependencies. Security incidents involving third-party vendors are promptly investigated and addressed.
SECURITY AWARENESS
All employees undergo mandatory security and privacy awareness training program, supported by posters and regular awareness messages, ensuring a culture of vigilance and adherence to security and privacy practices..