Security at Inkit
Data Security is Inkit’s top priority.
Put simply, this means that data security is built-in to both our operations and our products from the ground-up, via:
.svg)
.svg)
Inkit's Built-In Security
All the PII you hold will be automatically encrypted by Inkit
Set custom access controls so only authorized roles can access specific folders and documents
.svg)
Documents can be set to “self-destruct” automatically after a number of views, days, or on a fixed date
Secure your organization’s access by introducing 2FA to Inkit logins
.svg)
Track every event and action made by your users and systems in Inkit (like who viewed a certain document and when)
.svg)
Secure your workflow outside of Inkit by configuring triggers and events between your systems and Inkit’s API
.svg)
Staff responsible for your data security can be notified immediately when your most important documents are rendered and viewed
.svg)
Link Inkit to your existing login security with SSO support
.svg)
Eliminate the need for manual exports of sensitive documents and reduce the risk of “floating documents”
.svg)
Some information should only be viewed once and then automatically restricted – Inkit’s one-time-viewing provides the solution
.svg)
Inkit’s API safely and seamlessly integrates with your existing systems and processes
Secure Personnel
All Inkit Inc contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
.svg)
.svg)
.svg)
.svg)
We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.
Inkit’s Security Team
Organization-wide protection isn’t just limited to the initial build of operations and products. Inkit’s security professionals are the manual backbone that ensures the continuous maintenance and improvement of our digital security systems. Their preventative measures revolve around the three security pillars of Monitoring, Risk Analysis, and Mitigation – each of which are achieved through:
.svg)
.svg)
.svg)
Compliance Program & SOC2 Certification
As with Inkit’s overarching security commitments, we also have a team dedicated to maintaining Inkit’s binding Data Processing Addendum. This means our customers can feel 100% confident that their data protection needs are being addressed in-line with a full security documentation pack. To further this assurance, Inkit is fully SOC2 Compliant.
Secure Personnel
As well as Inkit’s own operational security, our products are also built with Data Security as their guiding principle. As referenced in the Penetration Testing section of this page, each of Inkit’s products are tested for security vulnerabilities regularly. Outside of their own security, Inkit’s products were developed to help our customers take control of their own Data Security. In particular, Inkit’s customizability allows organizations to adapt its capabilities so their paperless operations comply with virtually any security standard (through features such as: AES 256 Encryption, Document Self-Deletion, 2FA Support, and more). You can discover more about Inkit’s primary security product on:
Secure Development
Penetration testing is performed regularly by reputable third parties to ensure a complete, fair, and realistic assessment of our products’ security.
To support our clear & practical security policies, these reports are available on request. Please email security@inkit.com if you’d like to access them.
Our customers are updated on all relevant security vulnerabilities and enhancements via our changelog at: https://docs.inkit.com/changelog
Vulnerability Reporting
As part of our clear and practical security policies, Inkit welcomes the discovery of any potential security vulnerabilities made by individuals or companies.
Although our continuous monitoring, regular testing, and routine mitigation procedures provide a comprehensive security infrastructure, we still understand the importance of encouraging any external discoveries.
If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Inkit systems, please email security@inkit.com
To support a timely and effective response to your report, please include any of the following:
Inkit takes all vulnerability reports seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it.
After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.
Security issues that we have already assessed for risk and will address include:
- Steps to reproduce or proof-of-concept
- Any relevant tools, including versions used
- Tool output
- HTTPS configuration, including supported TLS versions
- HTTP headers, for purposes including Strict Transport Security, Content Security Policy, and clickjacking/XSS protection
- DNS records including those related to email (SPF, DKIM, DMARC) and certificate issuance (CAA)
Inkit Inc was audited by Prescient Assurance , a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc. For more information about Prescient Assurance, you may reach out them at info@prescientassurance.com