Responsible Disclosure Policy

As a responsible organisation, we take data security and privacy very seriously. It is in our business to protect your confidential information as company secretaries, that duty of confidentially is already ingrained in our best practices.


While not going into details so as to expose our vulnerabilities, we have taken the liberty to provide you with some general information below to assure you and give you confidence in how we secure the data entrusted to us.


Data Security
• We use the most current and up-to-date application from AWS Cloud Server and Google Cloud.
• We have DDOS mitigation in place.
• We constantly looking to upgrade our security features and more.
• We are registered with SSM Biztrust.


Protection from Data Loss, Corruption
• All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
• Segmented services independently, dockerised and using container orchestra to minimise crash and maximise the potential to scale.


Application Level Security
• iCompany account passwords are hashed. Our own people cannot even view them. If you lose your password, you have no other choice but to reset.
• All login pages (from our website and across all platforms) pass data via TLS 1.2 or higher.
• The entire iCompany architecture and application is encrypted with TLS 1.2 or higher.
• Login pages and logins via our very own API have brute force protection.
• We perform regular external security penetration tests throughout the year using different vendors. The tests conforms with CREST standard.


Internal IT Security
• iCompany office are secured by facial recognition access only and are monitored with infrared cameras throughout. The surrounding parameters are patrolled by security personnel.
• No third party or guest are allowed to enter without invitation.
• Our office network is heavily segmented and centrally monitored. Our internet security is provided by Maxis Business Solutions.
• We have internal policies in place on accessing network and internet.
• Our employees attend regular trainings and classes.


Internal Protocol and Education
• We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
• Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
• All employees sign our Confidentiality Obligation Policy (COP) outlining their responsibility in protecting customer data.


iCompany is committed to ensuring the security of our services and customer information. As part of this commitment, we encourage security researchers to contact us to report any potential weaknesses identified in any product, system, or asset belonging to iCompany.


This message is not intended to represent a public bug bounty program and we make no offers of reward or compensation for submitting any potential issues. We appreciate your commitment to improving iCompany services.


If you have any questions regarding this Responsible Disclosure Policy, please email us at [email protected]