Security Information

Scroll down

Illustration showing data security
Indiggo’s solution was built with security as a foundational requirement. We know we are the system of record for your company’s strategic objectives, and we take that responsibility very seriously. We have conducted and passed rigorous security reviews. We focus on security so you can focus on getting the right $#!^ done…well!

NIST Cybersecurity Framework

Indiggo conducts a 3rd party, independent review of our security policies and procedures. Indiggo is compliant with NIST SP 800-53 rev. 4 and the NIST Cybersecurity Framework v1.0.

An executive summary of the results is available and will be sent upon request.

Cyber security illustration
GDPR security illustration

GDPR and Privacy Shield Compliant

Indiggo is fully and proudly compliant with the EU GDPR, and we are certified compliant with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework. We worked closely with TRUSTe to review and verify our policies and procedures to ensure compliance with the Privacy Shield Framework.

GDPR security illustration

The European Union General Data Protection Regulation (GDPR) is a law that regulates the transfer of personal data out of the European Union that took effect in May 2018. The GDPR enumerates end-users’ rights with regards to data collected about them, including the right to view, delete, and/or cease collecting this data.

The EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework was created by the U.S. Department of Commerce, European Commission, and Swiss Administration. It supports commerce between countries and fulfills data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the U.S. The Privacy Shield program requires a higher level of data protection and strong privacy policy from organizations to comply with the enforcement of GDPR in the EU and Switzerland.

Additional Information

  • The platform has been designed and developed following the best practices in secure data management.
  • AWS compliance documentation is located here.
  • Multiple roles and corresponding authentication procedures are implemented according to best practices.
  • All data is encrypted and stored in an encrypted form.
  • Enterprise-level data is logically isolated from other enterprise data to avoid any potential access and to maintain confidentiality.
  • The security policies are instituted on all instances of data replicated and stored. This includes backups, replications for performance, and/or availability.
  • All external access to the data will be through the platform API’s over HTTPS over SSL/TLS.