Security
At indigitall, security, privacy, and client trust are foundational pillars of our platform. We integrate a security-by-design approach into our entire solutions lifecycle, combining people, processes, and technology to build a robust and constantly evolving security ecosystem. This strategy ensures data protection and service continuity are core components of our architecture, not afterthoughts.

Certifications & Compliance
Our commitment to global security standards is validated by internationally recognized certifications. These provide independent verification of our security controls and processes.
- ISO 27001: An international standard certifying our Information Security Management System (ISMS) (see document).
- HIPAA Compliant: Adherence to standards for protecting sensitive patient health information in the United States (see document).
- SOC 2 Type II: We are currently in the process of certification, evaluating our controls for security, availability, and confidentiality.
- National Security Framework (ENS): Compliance for operating with public and regulated entities in Spain (see document).

Core Security Practices
Our security framework is built on a comprehensive, multi-layered approach to protect data at every level.
- Information Security: We employ a Secure Software Development Lifecycle (SSDLC), role-based access control (RBAC) with multi-factor authentication (MFA), and strict data classification policies to prevent unauthorized access.
- Data Protection & Privacy: Our systems are built on "Privacy by Design" principles and guided by proactive responsibility. We ensure compliance with major data protection regulations—including GDPR (see document), Spain's LOPDGDD, and other applicable market laws—while practicing data minimization and giving users full control over their data rights.
- Encryption & Key Management: All data is encrypted in transit using strong protocols like TLS 1.2+ and at rest using robust algorithms such as AES-256. We follow rigorous key management and rotation protocols to safeguard cryptographic keys.
- Business Continuity & Resilience: We ensure high availability with redundant backups, documented recovery plans (DRP/BCP), and clear RTO/RPO targets. Our resilient infrastructure is built on Google Cloud, a platform that meets rigorous, internationally recognized certifications and compliance standards. This infrastructure features automatic resource scaling for optimal performance. To ensure low latency and meet regulatory requirements, resources are strategically deployed in regional data centers in the EU or the US, based on client location.
- Physical Security: Access to our facilities and data centers is strictly controlled and monitored 24/7. We enforce clean desk policies and secure, documented hardware disposal procedures.

Culture, Transparency & Contact
- Training & Awareness: Security is a shared responsibility. All employees undergo mandatory annual cybersecurity training, continuous awareness campaigns, and practical simulations to ensure our team serves as the first line of defense.
- Transparency: We believe in full transparency. We provide clients with updated documentation on our security practices and maintain a dedicated, specialized channel for any security and compliance inquiries.