Security & Trust Center

Enterprise Security, Transparently Explained

We take a security-first approach to every engagement. From data residency to encryption standards — here is exactly how we protect your organization.

Request Security Brief security@kerdos.in

Compliance & Certifications

Built to Enterprise Standards

Our security posture is designed for regulated industries — healthcare, finance, government, and critical infrastructure.

Aligned

ISO 27001 Aligned

Our information security management system follows ISO 27001 principles — risk assessment, access control, and continuous security improvement.

Compliant

DPDP Compliant

Fully aligned with India's Digital Personal Data Protection Act 2023. Lawful processing, data minimisation, and user rights built in from day one.

Audit Ready

SOC 2 Type II Ready

Architecture designed to support SOC 2 Type II audits — covering security, availability, confidentiality, and processing integrity trust principles.

Active

Zero-Trust Network

No implicit trust across our infrastructure. Every request is authenticated, encrypted in transit (TLS 1.3), and authorised against least-privilege policies.

India Hosted

India-First Data Residency

Enterprise deployments default to Indian data centres. On-premise and private cloud options ensure your data never leaves your jurisdiction.

<2hr Notification

Incident Response SLA

Critical security incidents: 2-hour notification. Full root-cause analysis delivered within 72 hours. Dedicated security hotline for enterprise clients.

Technical Controls

Security Controls At-a-Glance

Every Kerdos engagement includes a baseline set of technical and organisational security controls — plus additional hardening for regulated industry clients.

Request Full Security Questionnaire

AES-256 encryption at rest

TLS 1.3 encryption in transit

Multi-factor authentication (MFA)

Role-based access control (RBAC)

Automated vulnerability scanning

Annual penetration testing

Immutable audit logs

Automated backup & DR

Private LLM deployment option

Air-gapped deployment available

NDA on request for all clients

Subprocessor transparency list

Transparency

Data Processing & Subprocessors

Data Processing Agreement

Enterprise clients receive a full DPA outlining controller/processor responsibilities, data categories, and retention schedules.

Request DPA →

Subprocessor List

We maintain a public register of all third-party subprocessors used in delivering our services — updated quarterly.

View Subprocessors →

Penetration Testing

Annual third-party penetration tests are conducted on our core platforms. Summaries available to enterprise clients under NDA.

Request Report →

MCA Registered Company

Kerdos Infrasoft Private Limited · CIN: U62099KA2023PTC182869

Incorporated: 2023-12-29 · Private Company (Company limited by shares)

Verify on MCA Portal ↗

Security Questions or Concerns?

Our security team responds to all enterprise inquiries within 2 business hours. For vulnerability disclosures, use our responsible disclosure process.

Contact Security Team General Enquiry