
Trust Center
How Inginit handles security, privacy, and access.
We work with client systems and data as part of delivery.
This page outlines how Inginit protects client data, manages access, and responds to security requests.


Compliance & Assurance
Inginit operates an Information Security Management System (ISMS) for handling client data.
ISMS scope statement
The information security management system applies to the protection of confidentiality, integrity and availability of client data across Inginit’s business operations and service delivery.
ISO/IEC 27001
- ISO/IEC 27001:2022 certification is currently in place for market research data collection services.
- ISO scope expansion is in progress to reflect broader Inginit operations. (This statement will be updated once the updated certification scope is issued.)
GDPR
We maintain GDPR-aligned privacy practices and can share relevant documentation on request.
Core Security Practices
We implement security measures that address the real-world risks of handling healthcare data. Our operational environment is structured for resilience, visibility, and proactive incident response.
Zero Trust Architecture
Inginit enforces a Zero Trust model across all endpoints and identities using Microsoft Office 365 Premium. This includes:
- Identity protection via Azure AD with MFA
- Conditional access policies
- Endpoint compliance enforcement
- Data Loss Prevention (DLP) rules across Teams, SharePoint, and Exchange
Access Management
Access is limited to approved roles and business need, applying RBAC, least-privilege permissions, and controlled session/token lifetimes.
- Role-Based Access Control (RBAC) across all environments
- Least privilege principle enforced in source code repositories and production environments
- Secure session and token expiration policies
Vulnerability Testing
Security is validated through annual third-party VAPT and continuously strengthened via dependency scanning in CI/CD with tracked remediation.
- Annual third-party VAPT (Vulnerability Assessment and Penetration Testing) conducted with remediation tracking
- Dependency and package scanning integrated into CI/CD pipelines
Encryption
Data is protected in transit (TLS 1.2+) and at rest (AES-256), including encrypted backups with automated key rotation.
- TLS 1.2+ for all data in transit
- AES-256 encryption for data at rest
- Encrypted backups with automated key rotation
Audit Logging & Monitoring
Key actions are logged and monitored, with alerts for anomalous activity and routine internal access reviews.
- System-level and application-level audit logs maintained and retained
- Alerting and anomaly detection across sensitive operations
- Regular internal access reviews
Governance & Risk Management
We follow structured processes to identify, assess, and address risks across people, processes, and technology.
- Ongoing risk assessments and threat modeling sessions
- Annual internal security policy reviews
- Employee security awareness and compliance training
- Vendor risk assessments and NDAs for all subprocessors
Tools we use (subprocessors)
We use widely adopted tools to run our operations.
- Website hosting: Wix
- Email & collaboration: Microsoft 365
- Support/ticketing: Freshdesk (ticket intake, tracking, and reporting)
- Analytics: Google Analytics