
SECURITY
Last update: January 2026
At AMINDIS, security is a core aspect of both our business practices and company culture. From the earliest stages of product development to project completion, protecting our customers' data remains a top priority.
The information below outlines the security processes we follow to ensure our customers have full confidence in the safety and integrity of their data:
ORGANIZATIONAL COMMITMENT TO BEST PRACTICES
We ensure separation between our office network and our production environment. These two environments operate on distinct networks and are managed independently.
ACCESS CONTROL
At AMINDIS, our access approach follows a ‘trust, but verify’ principle.
AMINDIS enforces a strict access control policy requiring unique usernames and the use of strong, complex passwords.
The security team conducts quarterly user account reviews.
The Human Resources (HR) department plays an active role in the access control process, initiating account lifecycle events such as creation, modification, and deletion of user accounts based on employment status.
OPERATIONAL SECURITY
AMINDIS maintains ownership and control of all assets necessary to deliver its SaaS solutions. All operational activities within our infrastructure are performed by AMINDIS' employees or trusted service providers. AMINDIS only engages with vetted service providers who meet our security, compliance, and operational standards.
Our operational controls are designed to ensure the secure execution of tasks and uphold proper segregation of duties.
EMPLOYEE SECURITY TRAINING
At least once per year, AMINDIS employees undergo security training with a passing grade of 80%.
Specific training is provided to developers to ensure they can effectively assess the security of our application code. These training materials include recommendations such as the Open Web Application Security Project (OWASP Top 10), promoting industry best practices in the secure software development lifecycle.
DATA CENTER AND ENVIRONMENTAL SECURITY
Our data centers are equipped with state-of-the-art security and redundancy features designed to ensure continuous protection and high availability.
Physical security is implemented through a multilayered approach aligned with established security industry standards. Access is strictly controlled using photo ID badges, proximity access cards, biometric scanners, CCTV surveillance, DVR systems, and alarm systems. Visitor access is tightly managed and monitored.
To maintain uninterrupted operations, each facility is equipped with redundant backup generators supported by fuel reserves sufficient for several days. Generators automatically activate after a power failure, while uninterruptible power supply (UPS) systems bridge the gap to ensure continuous power during this transition.
Environmental monitoring includes a fire detection system which provides early warnings of potential fire.
BACKUPS, REDUNDANCY, AND RECOVERY
AMINDIS' standard solutions include offsite backups stored securely in a secondary data center to ensure data availability and disaster recovery readiness.
INCIDENT MANAGEMENT
AMINDIS maintains a comprehensive incident management process to effectively handle and respond to potential threats and incidents.
This process outlines clear procedures for incident response and is overseen by our teams responsible for managing, investigating, and resolving security incidents. It includes incident investigations, timely communication with customers, third parties, and relevant authorities, as well as impact assessments and the implementation of corrective actions to prevent recurrence and improve overall security posture.
VULNERABILITY MONITORING
AMINDIS monitors trusted security alert sources for the latest information on emerging system vulnerabilities. Each identified vulnerability is proactively assessed for potential impact on our environment. Additionally, we actively apply updates from our vendors to keep our equipment up to date.
CRYPTOGRAPHY
AMINDIS' solutions employ industry-standard cryptography to protect our customers' data.
PENETRATION TESTING
AMINDIS partners with independent security firms to conduct comprehensive penetration testing on our application at least once annually.
THIRD-PARTY EVALUATIONS THROUGH ISO 27001 AUDITS
AMINDIS makes ongoing investments in information security and privacy protection. These efforts have been formally recognized through our ISO certification, providing an independent assessment of the effectiveness of our security program.
Our ISO 27001:2022 certification demonstrates our commitment to maintaining a robust information security management system. A copy of the certification is available upon request.
CONTACT US
If you have any questions about our security practices or our ISO 27001:2022 certification, please contact us at infosec@amindis.com.