Home Security

We hold ourselves to the same standard we test for

ieFyx is operated by iSpyCyber, a CERT-In certified security firm. The same rigor we apply to client engagements — continuous testing, evidence-based controls, and compliance mapping — runs on our own platform.

CERT-In Certified Operations

Our infrastructure and processes are managed by a team operating under CERT-In empanelment for security testing.

Encryption Everywhere

Data is encrypted in transit using TLS and at rest, with access governed by least-privilege role-based controls.

Continuous Internal Testing

We run our own exposure management and vulnerability management modules against our own infrastructure.

Multi-Tenant Isolation

Customer data is logically isolated by tenant, with strict access boundaries enforced at the platform level.

Incident Response Readiness

Our team has run real incident response engagements — including CERT-In reporting workflows — and applies the same playbooks internally.

Responsible Disclosure

Found a security issue with ieFyx? We welcome responsible disclosure — see contact details below.

Compliance Alignment

Frameworks we map to

ieFyx's own compliance posture is tracked using the same module we provide to customers.

Internal Framework Coverage
SOC 2 Type II
Trust Service Criteria mapped
Active
ISO 27001
Information security management
Ready
CERT-In Guidelines
Empanelment maintained
Active

Responsible Disclosure

If you've identified a potential security vulnerability in the ieFyx platform or website, we want to hear from you. Please report it to security@iefyx.com with as much detail as possible, including steps to reproduce.

We ask that you:

  • Give us reasonable time to investigate and remediate before public disclosure
  • Avoid accessing, modifying, or deleting data that isn't your own
  • Do not perform testing that could degrade service for other users

We aim to acknowledge reports within two business days and will keep you updated on remediation progress.

Questions about our security practices?

Our team is happy to walk through our security posture as part of your vendor review process.

Contact Us

Vulnerability Disclosure Policy (VDP)

We welcome responsible disclosure of security vulnerabilities in our platform. If you discover a potential security issue, please contact us privately before any public disclosure.

1
Email findings to security@iefyx.com with a clear description, reproduction steps, and impact assessment.
2
We will acknowledge receipt within 24 hours and provide a remediation timeline within 5 business days.
3
We request a 90-day coordinated disclosure window before any public release of vulnerability details.

We do not pursue legal action against researchers who act in good faith and adhere to this policy.