Privacy at core, Security at forefront
At Yubi, Trust and Transparency are our first priority.
State-of-the-art security & privacy are built into our products and services. Explore more by requesting access to this hub.
This hub helps you understand and periodically evaluate our posture with regard to protection of your data and helps you learn the latest developments at Yubi in compliance with legal and regulatory requirements.
Trust Center Updates
📣 Exciting News! 🎉 Yubi is Now ISO 27701 Certified for Data Privacy and Protection!
We are thrilled to announce that Yubi has successfully achieved ISO 27701 certification, a prestigious milestone that underlines our dedication to safeguarding customer data and privacy. This certification is a significant step in our journey to providing the highest level of data protection and enhancing trust with our valued customers.
ISO/IEC 27701:2019 is a data privacy extension to ISO 27001, and obtaining this certification demonstrates our commitment to adhering to global best practices in privacy information management. Our Privacy Information Management System (PIMS) is now aligned with ISO 27701 standards, ensuring that we implement, maintain, and continually improve robust privacy controls.
So, what does this mean for our customers?
🛡️ Enhanced Data Protection: Customers can rest assured that their personally identifiable information (PII) is in safe hands. Our ISO 27701 certification signifies our prioritization of data privacy and security.
🗝️ Compliance with Regulations: We have taken the necessary measures to comply with data protection regulations, including GDPR and other relevant laws. Our customers' data will be handled in full accordance with these requirements.
⚙️ Reduced Privacy Risks: Our proactive approach to privacy risk management means that the likelihood of data breaches and privacy incidents is significantly minimized.
📜 Transparent Data Practices: We believe in clear communication with our customers about how their data is processed, and this certification reinforces our commitment to transparency.
🚨 Data Breach Preparedness: Our incident response plan ensures that we are fully prepared to handle any potential data breaches effectively.
🏆 Competitive Advantage: ISO 27701 certification sets us apart as a company that values and protects customer privacy. Our dedication to data privacy gives us a competitive edge in the market.
🔄 Continuous Improvement: We don't stop here. Our commitment to continual improvement means that we will always strive to enhance our privacy practices as technology and regulations evolve.
At Yubi, we recognize the trust our customers place in us, and achieving ISO 27701 certification is a testament to our dedication to maintaining that trust. We thank all our customers for their ongoing support and look forward to providing them with even more secure and exceptional services in the future.
Together, we will continue to prioritize data privacy and work towards a safer digital environment for everyone. Thank you for being part of this exciting journey! 🌟
Yubi Not Impacted by MOVEit Transfer
CERT-In Advisory - CIVN-2023-0167
Yubi wants to assure our valued customers that our systems remain unaffected by the MOVEit vulnerability. In light of recent concerns, we understand the importance of addressing potential security risks promptly.
Rest assured, Yubi has taken proactive measures to ensure the security and privacy of our clients' information. We do not utilize MOVEit within our infrastructure. Our robust security measures, including firewalls, encryption protocols, and regular security audits, help protect against potential threats. That's why we want to highlight the advisory released by CERT-In through vulnerability note CIVN-2023-0167, which provides valuable insights into the MOVEit vulnerability. We encourage you to review the advisory to stay informed about the risks associated with the vulnerability.
We remain committed to maintaining a secure environment for our customers' data and will continue to invest in the necessary resources to uphold the highest security standards.
Don't hesitate to contact our dedicated customer support team for any questions or concerns. We value your trust in Yubi and are here to provide you with a secure and reliable financial experience.
Yubi's security team became aware of the critical MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Yubi is not impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
Yubi Becomes India’s First Fintech Company To Achieve The SOC 2 Type II Attestation For Data Security And Privacy
A Service Organisation Control (SOC) 2 Type II Attestation is given after a successful audit of how a service provider handles sensitive information.
The audit ensures that Yubi meets the five Trust Service Principles (TSPs): security, privacy, availability, confidentiality, and processing integrity. Yubi is also ISO 22301 (Business Continuity Management Systems) and ISO 27001 (Information Security Management Systems) certified.
Yubi, the world’s first unified credit platform for corporates and lenders, has become the first Indian fintech company to achieve the SOC 2 Type II attestation. Earning this attestation means that Yubi has been successfully audited by one of the ‘Big Four’ firms against the rigorous TSPs and implementation of controls in accordance with the international security and availability standards set by the American Institute of Certified Public Accountants (AICPA).
SOC 2 Type II Attestation by the AICPA was awarded to Yubi after a successful audit between July and December 2022.
Commenting on the development, Araveinth Gopinath, Chief Information Security Officer, Yubi, said, “On our journey to deepen debt markets and provide access to capital to enterprises in India, at Yubi, we have made significant investments to enhance and build a highly secure infrastructure. We are proud and thrilled to have achieved the SOC 2 Type II attestation in record time. The extensive independent audit process confirms that our platform meets the highest security and privacy standards and gives our customers the confidence they need to trust our platform with their data.”
As a SOC 2 Type II compliant company, Yubi has achieved enterprise-grade security in the following domains:
Product security: Cloud (Virtualised) environment, source code protection, identity and access management.
Data security: Data processing agreements, backups & data redundancy, data encryption, availability (Business continuity).
Network security: Encrypted communications, protection from external attacks.
Application security: Secure coding, penetration testing, automated code security checks, continuous assessments.
Business security: Background checks, confidentiality, security awareness training, breach notifications.
Physical security: Visitor management, 24-hour office surveillance, and more.
As a product-first and customer-first leader in the credit ecosystem, data has always been at the core of Yubi. Hence, it is imperative that the highest levels of data protection measures are undertaken to serve customers in their best interest and meet evolving regulatory guidelines. This achievement is a testament to Yubi’s commitment to security and privacy.
Yubi already has ISO 22301 (Business Continuity Management Systems) and ISO 27001 (Information Security Management Systems) to its credit. The company has also successfully implemented Zero Trust Architecture, Open Extended Detection and Response (XDR) integration (NG-SIEM, NDR & SOAR(1)) for Security Operations, Aadhaar Vault for UIDAI compliance, Endpoint Detection and Response (EDR), and many more such controls to promote the highest level of data privacy and security.
(1)Next-Generation Security Information and Event Management (NG-SIEM), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR)
SOC 2 and ISO Updates
We're pleased to announce that we recently completed our ISO 27001, ISO 27701 and SOC 2 audits! As such, our updated ISO certificates and SOC 2 report are now available.