Information security
Last updated 19 June 2026
Security is our core business, and we hold ourselves to the same standards we deliver for our clients. This statement summarises how IntelligenceX protects its own systems and the data entrusted to us across the UK, USA, EU and India.
For our full security documentation, a security questionnaire response, or compliance evidence, contact contact@intelligencex.org.
1. Governance and Compliance
We align our security programme with recognised frameworks and support clients across them, including:
- ISO 27001 information security management.
- SOC 2 trust services criteria.
- PCI DSS for cardholder data environments.
- GDPR and UK GDPR, and India's DPDP Act and CERT-In requirements.
2. Technical Controls
- Encryption of data in transit and, where appropriate, at rest.
- Role-based access control and least-privilege access, with multi-factor authentication.
- Network segmentation, logging, and continuous monitoring through our managed detection and response capability.
- Regular vulnerability assessment and penetration testing of our own environment.
3. Operational Practices
- Background-checked personnel bound by confidentiality obligations.
- Security awareness training for all staff.
- Documented change management and secure software development practices.
- A formal incident response process running 24/7.
4. Data Protection
We process personal data in line with our Privacy Policy and, where we act as a processor, our Data Processing Addendum. Engagement deliverables and client data are handled under strict confidentiality and need-to-know access.
5. Reporting a Security Concern
To report a suspected vulnerability in our systems, follow our Responsible Disclosure Policy. For active or suspected incidents, contact our 24/7 incident response line at incident@intelligencex.org.