Security Statement

1. Our Commitment

At Incedo Inc. (“Incedo”, “we”, “us”, or “our”), protecting the confidentiality, integrity, and availability of information is a top priority. We recognize that our clients, partners, employees, and visitors trust us with sensitive data, and we are committed to maintaining the highest standards of information security.

2. Security Frameworks and Standards

Our security program is designed in alignment with:

• ISO/IEC 27001 Information Security Management standards.
• NIST Cybersecurity Framework.
• SOC 2 (Type II) controls.
• Applicable U.S. federal, state, and international regulations (e.g., GDPR, CCPA/CPRA, India DPDPA 2023).

3. Technical Safeguards

We implement multiple layers of defense to secure our systems and data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256).
• Access Controls: Role-based access, multi-factor authentication, and least-privilege principles.
• Network Security: Firewalls, intrusion detection & prevention systems, secure VPN access.
• Monitoring: 24/7 logging, monitoring, and anomaly detection across infrastructure.
• Vulnerability Management: Regular scanning, patch management, and penetration testing.

4. Administrative & Organizational Safeguards

• Policies: Comprehensive security, privacy, and acceptable use policies.
• Training: Mandatory security awareness and phishing simulation programs for employees.
• Vendor Management: Risk assessments and security due diligence before onboarding third-party providers.
• Incident Response: Documented and tested incident response plan for rapid detection, escalation, and resolution of security events.
• Business Continuity & Disaster Recovery: Redundant systems, regular backups, and tested recovery protocols.

5. Data Protection Practices

• Minimization: We only collect and retain the minimum personal data necessary for business purposes.
• Retention: Data is retained only as long as necessary, in line with our Privacy Policy and applicable laws.
• Anonymization/Pseudonymization: Used where feasible to protect sensitive data.
• Cross-Border Transfers: Protected by contractual safeguards such as Standard Contractual Clauses (SCCs) for EU/UK, and DPDPA-compliant measures for India.

6. Security in Development

• Secure Software Development Lifecycle (SDLC): Security reviews integrated into design, coding, and testing stages.
• Code Reviews & Testing: Static and dynamic code analysis to prevent vulnerabilities.
• DevSecOps: Security automated into CI/CD pipelines.

7. Employee & Access Security

• Background Checks: Conducted as permitted by law during hiring.
• Principle of Least Privilege: Employees receive only the access necessary for their role.
• Regular Access Reviews: Accounts and permissions reviewed periodically.
• Termination Protocols: Immediate revocation of access upon employee exit.

8. Client & User Responsibilities

While Incedo takes extensive measures to secure data, we encourage clients and users to:

• Use strong, unique passwords and enable multi-factor authentication where available.
• Keep devices and browsers updated.
• Report suspicious emails or activity to security@incedoinc.com.

9. Incident Management

If we identify or suspect a data breach:

• We will investigate promptly.
• Contain and mitigate the impact.
• Notify affected clients and, where legally required, regulators and individuals within applicable timeframes (e.g., 72 hours under GDPR).

10. Continuous Improvement

Security is not static. We regularly:

• Review and update our security controls.
• Conduct audits and third-party assessments.
• Benchmark against evolving threats and regulatory requirements.

11. Contact Us

If you have questions or concerns about our security practices, or wish to report a potential vulnerability, contact:

📧 security@incedoinc.com
Incedo Inc. – Security Office
100 Campus Drive, Suite 420
Florham Park, New Jersey 07932, USA

12. Governing Law

This Security Statement is governed by and construed under the laws of the State of New Jersey, United States, with disputes subject to the exclusive jurisdiction of the state and federal courts in New Jersey, USA.