iX is committed to protecting customer data through a comprehensive, risk-based information security program aligned with international best practices, including ISO/IEC 27001, the NIST Cybersecurity Framework, SOC 2 (SSAE-18), and applicable data protection laws such as UK GDPR and EU GDPR.
Infrastructure & Network Security
Our systems are hosted in enterprise-grade data centres that maintain independent certifications, including SOC 1, SOC 2 Type II, ISO 27001, and PCI DSS. Network environments are protected by next-generation firewalls, intrusion detection and prevention systems (IDS/IPS), and continuous vulnerability scanning.
All environments are segmented to ensure that systems and data are isolated according to the principle of least privilege.
Encryption & Data Protection
All data transmitted between customers and iX is protected using TLS 1.2 or higher.
Sensitive data stored by iX is encrypted at rest using industry-standard AES-256 encryption or equivalent cryptographic controls. Passwords are never stored in plaintext or reversible form and are protected using salted, one-way cryptographic hashing algorithms.
Access Control & Monitoring
Access to systems and customer data is restricted to authorized personnel based on least-privilege and role-based access controls (RBAC). Multi-factor authentication (MFA) is required for administrative and privileged access.
All access and security-relevant activity is logged, monitored, and reviewed for anomalies and compliance.
Data Residency & Privacy
Customer data is processed and stored in its designated geographic region and is not transferred across jurisdictions unless contractually required or legally permitted. For example, data collected in the United Kingdom is hosted and processed within the UK or other approved jurisdictions in accordance with UK GDPR.
Vulnerability & Patch Management
iX performs continuous vulnerability scanning and conducts independent penetration tests at least annually.
Identified vulnerabilities are remediated based on documented risk-based service level targets.
Backup, Availability & Disaster Recovery
Customer data is backed up daily and stored in secure, geographically separate locations.
Our infrastructure includes redundancy, automated failover, and disaster recovery controls designed to support high availability and business continuity.
Incident Response
iX maintains a documented Incident Response Plan to detect, investigate, contain, and remediate security incidents.
Customers are notified of confirmed data breaches without undue delay and in accordance with applicable regulatory requirements.
Compliance & Assurance
Our security controls are designed to align with the requirements of SOC 2 (SSAE-18), ISO/IEC 27001, PCI DSS, and NIST SP 800-53. Independent audits and internal risk assessments are conducted regularly to validate our controls and continuously improve our security posture.
If you have any questions regarding this security statement, please contact us