Security & Compliance

The security of customer data is at the heart of everything we do.

Application security

Process Transparency (logs)

Digitisation with the Itiner Digital Platform brings traceability and full transparency to every process. Detailed logging and analysis help you stay in control of workflow steps, user actions, document versions and changes.

Communication Encryption

All data traffic is transmitted via HTTPS with TLS encryption, helping protect sensitive information such as passwords and financial data from interception. Customer data is protected through VPN-based access, while technologies such as HSTS help safeguard cloud services against downgrade attacks and cookie hijacking.

Confidentiality & Access Control

Access to documents and workflow information is governed by a comprehensive permissions structure. You can define exactly who can read, save, process, export, edit or delete data, helping ensure that your operations remain secure and your data and documents stay confidential.

Secure Software Development

Our well-established change management cycle ensures that all code changes undergo rigorous authorisation, testing and verification before deployment to the production environment. This means that only authorised and thoroughly validated changes are implemented.

SOC 2 Type II Compliance

The Itiner Digital Platform has successfully completed a SOC 2 Type II audit, confirming that the controls in place to protect customer data are effective and independently verified.

Automated Code Deployment

Our CI/CD pipeline enables secure, automated code deployment without manual intervention. It ensures smooth integration and deployment while maintaining predefined security controls, improving both efficiency and reliability.

Independent Testing

The Itiner Digital Platform is tested regularly and audited by independent third parties. These audits focus on both security and operational processes. The product and the company comply with relevant international, national and industry standards.

Document Encryption

All documents are stored using 128-bit encryption to provide a high level of protection for sensitive information. The Itiner Digital Platform uses document-level encryption, with a unique symmetric key generated for each document. This approach helps prevent pattern recognition and significantly reduces the risk of key compromise, even under advanced cryptographic analysis.

Authentication

The Itiner Digital Platform supports comprehensive password policies and Single Sign-On (SSO), helping organisations provide secure, convenient access for their users. With Microsoft and Google authentication, users can sign in with their existing accounts while benefiting from a seamless and secure login experience.

Code Reviews

Secure coding practices are applied throughout the development process, supported by strict quality gates such as static code analysis. This helps ensure that the codebase remains reliable, maintainable and secure.

Artifical Intelligence

Your data is never used to train AI models. Any data read or created by a workflow is isolated within that specific workflow instance and is not accessible outside its defined workflow context, even within the same organisation.

GDPR Compliance

The General Data Protection Regulation (GDPR) protects the personal data and privacy of individuals in the EU and the European Economic Area. It sets out rules for how personal data is collected, processed and handled. Read our GDPR statement.

Organizational Security

BUSINESS CONTINUITY

Itiner Digirtal has robust Business Continuity Planning (BCP) guaranteeing uninterrupted service delivery, mitigating risks, and enabling swift recovery from potential disruptions or unforeseen events.

THIRD-PARTY SECURITY ASSESSMENT

We assess the security of third-party vendors and review their contracts for security and data protection requirements. Third-party audits and certifications are used to support compliance validation, while defined processes help us assess and manage risks related to external dependencies. Any security incidents involving third-party vendors are promptly investigated and addressed.

SECURITY AWARENESS

All employees complete mandatory security and privacy awareness training, supported by posters and regular awareness messages. This helps keep security and privacy practices visible in everyday work and promotes a culture of vigilance.