Security & Compliance at IMR Technologies
How we protect customer data and infrastructure today, and the independent certifications we are working toward.
Compliance and Certification are not the same thing
Compliance means we follow a standard or law and have implemented the corresponding controls internally. Certification means an accredited, independent auditor has formally verified those controls against the standard and issued a certificate. GDPR and DPDPA are laws — there is no official government "GDPR Certified" or "DPDPA Certified" credential to obtain. For those, we describe our posture as compliant or readiness in progress. For ISO 27001 and SOC 2, which are certifiable, we only use the word certified once an accredited body has actually issued that certificate — see our roadmap below for current status.
What we do today
These are operating practices in place across our platform and datacenter now — not certifications.
Information Security Management Program
A documented ISMS covering policy, risk management, asset inventory, and control ownership across our datacenter, cloud, and application environments.
DPDPA Readiness Framework
Consent and notice practices, data principal rights handling, breach notification procedures, and retention limits aligned to India’s Digital Personal Data Protection Act.
GDPR-Aligned Privacy Controls
Lawful-basis documentation, records of processing, data subject rights workflows, and processor agreements aligned to GDPR accountability principles.
Secure Datacenter Operations
Our Hyderabad private datacenter runs on a segmented network with monitored physical access, redundant power, and managed VMware infrastructure.
Role-Based Access Control (RBAC)
Least-privilege access across staff and customer-facing systems, with role assignment reviewed and logged.
Backup & Disaster Recovery Processes
Scheduled backups, snapshot-based recovery points, and documented disaster-recovery procedures for hosted and managed environments.
Incident Response Procedures
A defined process for identifying, containing, and communicating security incidents, including customer notification steps.
Security Monitoring & Logging
Centralized audit logging and event monitoring across the platform, with anomaly review for administrative and access activity.
Certification Roadmap
Our phased plan for pursuing formal, independently-audited certifications — starting with ISO 27001, the most relevant credential for a datacenter, cloud, SAP hosting, and managed services provider.
Phase 1 — Immediate
ISO/IEC 27001
Information Security Management System — control mapping and evidence collection in progress
ISO 9001
Quality Management System — structured service delivery processes
DPDPA
Compliance program implementation (India)
GDPR
Readiness program for accountability obligations
Phase 2 — As IMRTech Grows
SOC 2 Type I
Trust Services Criteria — security, availability, confidentiality
ISO/IEC 27701
Privacy Information Management System (ISO 27001 extension)
Phase 3 — Enterprise Scale
SOC 2 Type II
Extended-period operating-effectiveness attestation
ISO 22301
Business Continuity Management System
ISO/IEC 20000-1
IT Service Management System
Want this compliance tracking capability for your own company? Explore our Security & Compliance software