Security & Compliance

ItemIQ maintains published security and compliance policies to protect user data and meet partner and regulatory requirements. All policies are publicly available and regularly reviewed.

Published Policies

Access Control Policy

Our organization has a published access control policy and restricts personal data access to systems based on the principle of least privilege. Access is role-based, requires authorization, and is reviewed periodically.

Data Classification Policy

Our organization has a published data classification policy and encrypts sensitive data both in-transit (TLS 1.2+) and at-rest (AES-256). Data is classified by sensitivity and handled accordingly.

Incident Response Policy

Our organization has a published incident response policy with clarified roles and responsibilities (Incident Response Lead, Technical Team, Communications), as well as defined incident reporting and communication channels (security@itemiq.com, incidents@itemiq.com).

Vulnerability & Threat Management Procedure

Our organization has a vulnerability and threat management procedure in place. We identify vulnerabilities through scanning, advisories, and assessments; assess and prioritize them; remediate according to severity-based timeframes; and track until closure.

Additional Resources

Contact

For security or compliance inquiries:

Email: security@itemiq.com