Our commitment
to security

At Indicio, we are dedicated to the security, availability, process integrity, and confidentiality of our services.

We take pride in working with key industry leaders and the
protection of this information is key to us.

Security highlights

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

01
Workforce Security

Indicio uses a combination of encryption, highly trained staff, and technical safeguards to protect our customers’ data.

Indicio’s information security program includes measures such as:
- Encrypted and hashed passwords
- Active DDoS mitigation
- Extensive facility access controls
- Multi-factor authentication
- Comprehensive threat intelligence program
- Automated security scans of our systems
- Active penetration testing
- Rigid internal security awareness program and training for employees
- Indicio Vulnerability Reporting Program

Lastly, Indicio has a dedicated security advisory team with industry experts that scours our service for potential vulnerabilities, and helps our engineers ship secure code. 

02
Security Frameworks and Compliance

Our data warehouse has been certified to meet ISO 27001. As an additional security measure, all of our servers hosting customer data can only be accessed via two-factor secured VPN.

Indicio adheres to ISO 27001.

Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data.

Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

03
Business
Continuity Program

Our Business Continuity Program is a comprehensive framework that encompasses risk management, emergency response, and recovery strategies, designed to address potential risks including natural disasters, cyber-attacks, & system failures. It is structured to be in alignment with international standards & best practices, ensuring a swift & effective response.

Risk Assessment &
Business Impact Analysis

We regularly conduct thorough risk assessments and business impact analyses to identify potential vulnerabilities and assess the potential effects of disruptions on our operations, services, and stakeholders.

Incident Response Plan

Our incident response plan outlines the procedures to be followed in the event of a security incident, ensuring quick detection, containment, eradication, & recovery, minimizing the impact on operations.

01

Workforce Security

Security Training and Awareness
Regular training and awareness sessions are conducted to educate our workforce on the latest security threats, best practices, and company policies, fostering a proactive security culture.

Access Control
Strict access control measures are implemented to ensure that only authorized individuals have access to sensitive information and systems, based on the principle of least privilege.

Incident Reporting
Clear & streamlined procedures are in place for reporting any security vulnerabilities, enabling timely and effective resolution.

We implement robust data backup & recovery solutions, ensuring the integrity & availability of our critical data, & facilitating quick recovery in the event of data loss/corruption.

02

Security Frameworks and Compliance

Our data warehouse has been certified to meet ISO 27001. As an additional security measure, all of our servers hosting customer data can only be accessed via two-factor secured VPN.

Indicio adheres to ISO 27001.

Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data.

Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

03

Business Continuity Program

Our Business Continuity Program is a comprehensive framework that encompasses risk management, emergency response, and recovery strategies, designed to address potential risks including natural disasters, cyber-attacks, & system failures. It is structured to be in alignment with international standards & best practices, ensuring a swift & effective response.

Risk Assessment & Business Impact Analysis
We regularly conduct thorough risk assessments and business impact analyses to identify potential vulnerabilities and assess the potential effects of disruptions on our operations, services, and stakeholders.

Incident Response Plan
Our incident response plan outlines the procedures to be followed in the event of a security incident, ensuring quick detection, containment, eradication, & recovery, minimizing the impact on operations.

Security highlights

01

Workforce Security

Security Training and Awareness
Regular training and awareness sessions are conducted to educate our workforce on the latest security threats, best practices, and company policies, fostering a proactive security culture.

Access Control
Strict access control measures are implemented to ensure that only authorized individuals have access to sensitive information and systems, based on the principle of least privilege.

Incident Reporting
Clear & streamlined procedures are in place for reporting any security vulnerabilities, enabling timely and effective resolution.

We implement robust data backup & recovery solutions, ensuring the integrity & availability of our critical data, & facilitating quick recovery in the event of data loss/corruption.

02

Security Frameworks and compliance

Our data warehouse has been certified to meet ISO 27001. As an additional security measure, all of our servers hosting customer data can only be accessed via two-factor secured VPN.

Indicio adheres to ISO 27001.

Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data.

Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

03

Business Continuity Program

Our Business Continuity Program is a comprehensive framework that encompasses risk management, emergency response, and recovery strategies, designed to address potential risks including natural disasters, cyber-attacks, & system failures. It is structured to be in alignment with international standards & best practices, ensuring a swift & effective response.

Risk Assessment & Business Impact Analysis
We regularly conduct thorough risk assessments and business impact analyses to identify potential vulnerabilities and assess the potential effects of disruptions on our operations, services, and stakeholders.

Incident Response Plan
Our incident response plan outlines the procedures to be followed in the event of a security incident, ensuring quick detection, containment, eradication, & recovery, minimizing the impact on operations.

Frequently
asked questions

How does Indicio keep my data secure?

Indicio uses a combination of encryption, highly trained staff, and technical safeguards to protect our customers’ data.

Indicio’s information security program includes measures such as:
- Encrypted and hashed passwords
- Active DDoS mitigation
- Extensive facility access controls
- Multi-factor authentication
- Comprehensive threat intelligence program
- Automated security scans of our systems
- Active penetration testing
- Rigid internal security awareness program and training for employees
- Indicio Vulnerability Reporting Program

Lastly, Indicio has a dedicated security advisory team with industry experts that scours our service for potential vulnerabilities, and helps our engineers ship secure code. 

How does Indicio ensure my privacy?

Indicio publishes and strictly adheres to a privacy policy aimed at protecting all parties that interact with our service. Our Privacy Policy explicitly details the information we may collect about you, and how we will use that information.

Furthermore, Indicio strictly adheres to a data minimization policy by which logs are automatically deleted after 30 days (see Indicio’s privacy policy for more information).

Does Indicio encrypt customer data?

To ensure the security of customer data throughout its lifecycle, Indicio encrypts information both at rest and when it is in motion.Data is stored with Advanced Encryption Standard (AES) 256-bit encryption when at rest.

How does Indicio prevent unauthorized access?

Indicio fully recognizes the sensitive nature of the data that we handle, and that is why we’re committed to safeguarding all information we store from any unauthorized access.All customer data stored by Indicio is located in data centers secured by a third party, which offers unparalleled physical and information security. These servers are housed separately from Indicio’s corporate offices. Our data warehouse has been certified to meet ISO 27001. As an additional security measure, all of our servers hosting customer data can only be accessed via two-factor secured VPN. Indicio adheres to ISO 27001.

Our robust infrastructure security systems are supplemented by extensive logging and auditing protocols to prevent any instance of improper access by either internal or external parties. These policies and systems ensure that only those employees with a valid business purpose and specific permission have the ability to access sensitive, or customer-provided, data. Not only are all employees subject to mandatory screening, but these actions are also extensively logged and audited to ensure policy compliance.

Is Indicio GDPR compliant?

Yes. Indicio is GDPR compliant.

What customer information does Indicio store?

Beyond customer financial information that is securely kept for billing purposes, and user passwords and location to allow access to the service, Indicio stores the following customer data:

- Audit logs
- Uploaded or synchronized data
- Forecast results
- Third-party credentials for data integration

Indicio encrypts and stores this data securely. Indicio logs certain user actions. Logs are stripped from user-specific data, and all other customer data is deleted, or anonymized as applicable, after a subscription is terminated. Indicio stores encrypted database backups for a period of 3 months.

Moreover, as stated above, Indicio has an entire infrastructure in place to ensure that this data cannot be accessed by any unauthorized party.

How does Indicio respond to government or law enforcement requests for data?

As detailed in the Indicio privacy policy, Indicio does not share any data or logged information with any other company, organization, or individuals except as required in the following situations:

- Satisfy a valid law enforcement request, or as required by law
- Enforce applicable Terms of Service, Terms of Use, or other contractual obligations
- In case of emergency, to protect the property, safety, security, and rights of Indicio, its users, or the general public

Plus, any request that is received is extensively reviewed to ensure compliance with all applicable laws, and it is Indicio’s policy to respond as narrowly as possible to best protect our customers’ privacy.

Does Indicio support 2-factor authentication?

Yes, Indicio provides 2-factor authentication support from the following providers, and are in the process of expanding our service to include additional providers in the future:Google AuthenticatorAuthy

Does Indicio adhere to secure coding guidelines?

Yes, Indicio adheres to secure coding guidelines (including OWASP Secure Coding Practices) that address common software development vulnerabilities.

How can I report a security vulnerability to Indicio?

If you have discovered a vulnerability in our service, please contact us at security@indicio.com.

How does Indicio use query data?

Indicio uses this data in one of two ways:

- (i) Indicio uses this data to provide our services to your organization, this includes everything from returning the query results, to providing recommendations of indicators, and sending out Notifications as configured by users in your organization; and (ii) Indicio uses unattributed query data to develop & improve our offerings.

These improvements may include, but are not limited to, providing a signal to our teams regarding what type of data to improve, what research to pursue, insight into trends, data enrichment and potential feature improvements.

Further, while Indicio only retains query logs for 30 days, these logs may be used in the event there's a security or other technical issue (subject to Recorded Future's strict internal access policies), and may be subject to valid legal requests.

Please view Recorded Future's Privacy Policy for more information.