Incenter · security & trust
The platform that tests you is held to its own standard.
You’re about to give a testing platform read access to your environment. Here’s exactly what it holds, who can reach it, and what happens if something goes wrong.
01Data handlingIncenter holds the minimum it needs to test and evidence: findings, asset metadata, and read-only context. We don’t exfiltrate your data to prove a point, and destructive actions are never taken. Data residency options on request.
02Access controlsLeast-privilege, scoped credentials for every connected system; role-based access within the platform; full audit logging of who saw and did what. The platform that tests your access is held to its own standard.
03Certified cloud infrastructureIncenter is built on certified, enterprise-grade cloud infrastructure: a hardened, independently audited foundation the most regulated organisations already trust. Your data sits on that baseline, not on something we stood up ourselves.
04Regular security testingThe platform is put through regular security testing itself, so the system that finds your exposures is held to the same scrutiny it applies to you.
05Incident processA defined process for handling any security event affecting the platform or your data, with notification commitments set out in your agreement. We hold ourselves to the response standard we test you against.