Trust & Transparency Hub

Privacy at core, Security at forefront

At Yubi, Trust and Transparency are our first priority.

State-of-the-art security & privacy are built into our products and services; explore more by requesting access to this hub.

This hub helps you understand and periodically evaluate our posture with regard to the protection of your data, and helps you learn about the latest developments at Yubi in compliance with legal and regulatory requirements.

Compliance

CSA STAR
FIPS 140-2
ISO 22301
ISO 27001
ISO 27701
SOC 2

Yubi is reviewed and trusted by Leading Banking Partners, Audit Firms and 750+ Lenders

Deloitte
CERT-In
State Bank of India
DBS Bank
HDFC Bank
Axis Bank
SBM Bank India
HDFC Limited
YES BANK
Federal Bank
IDBI Bank
Indian Bank
Canara Bank
HSBC
HDB Financial Services
KPMG
PwC
Bank of India

Documents

Network Diagram
SOC 2 Report
VA/Pentest Report
ISO 22301
ISO 27001
ISO 27701

Risk Profile

Data Access Level
Impact Level
Recovery Time Objective

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
SOC 2 Report
VA/Pentest Report

Self-Assessments

CAIQ
CAIQ Lite

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Bot Detection
Code Analysis

Data Privacy

Data Breach Notifications
Data Into System
Data Out of System

Access Control

Logging
Password Security

Infrastructure

Amazon Web Services
Anti-DDoS
BC/DR

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Data Loss Prevention
DNSSEC
Firewall

Corporate Security

Asset Management Practices
Email Protection
Employee Training

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy

Trust Center Updates

📣 Exciting News! 🎉 Yubi is Now ISO 27701 Certified for Data Privacy and Protection!

Compliance

We are thrilled to announce that Yubi has successfully achieved ISO 27701 certification, a prestigious milestone that underlines our dedication to safeguarding customer data and privacy. This certification is a significant step in our journey to providing the highest level of data protection and enhancing trust with our valued customers.

ISO/IEC 27701:2019 is a data privacy extension to ISO 27001, and obtaining this certification demonstrates our commitment to adhering to global best practices in privacy information management. Our Privacy Information Management System (PIMS) is now aligned with ISO 27701 standards, ensuring that we implement, maintain, and continually improve robust privacy controls.

So, what does this mean for our customers?

🛡️ Enhanced Data Protection: Customers can rest assured that their personally identifiable information (PII) is in safe hands. Our ISO 27701 certification signifies our prioritization of data privacy and security.

🗝️ Compliance with Regulations: We have taken the necessary measures to comply with data protection regulations, including GDPR and other relevant laws. Our customers' data will be handled in full accordance with these requirements.

⚙️ Reduced Privacy Risks: Our proactive approach to privacy risk management means that the likelihood of data breaches and privacy incidents is significantly minimized.

📜 Transparent Data Practices: We believe in clear communication with our customers about how their data is processed, and this certification reinforces our commitment to transparency.

🚨 Data Breach Preparedness: Our incident response plan ensures that we are fully prepared to handle any potential data breaches effectively.

🏆 Competitive Advantage: ISO 27701 certification sets us apart as a company that values and protects customer privacy. Our dedication to data privacy gives us a competitive edge in the market.

🔄 Continuous Improvement: We don't stop here. Our commitment to continual improvement means that we will always strive to enhance our privacy practices as technology and regulations evolve.

At Yubi, we recognize the trust our customers place in us, and achieving ISO 27701 certification is a testament to our dedication to maintaining that trust. We thank all our customers for their ongoing support and look forward to providing them with even more secure and exceptional services in the future.

Together, we will continue to prioritize data privacy and work towards a safer digital environment for everyone. Thank you for being part of this exciting journey! 🌟

Yubi Not Impacted by MOVEit transfer

Incidents

CERT-In Advisory - CIVN-2023-0167

Yubi wants to assure our valued customers that our systems remain unaffected by the MOVEit vulnerability. In light of recent concerns, we understand the importance of addressing potential security risks promptly.

Rest assured, Yubi has taken proactive measures to ensure the security and privacy of our clients' information. We do not utilize MOVEit within our infrastructure. Our robust security measures, including firewalls, encryption protocols, and regular security audits, help protect against potential threats. That's why we want to highlight the advisory released by CERT-In through vulnerability note CIVN-2023-0167, which provides valuable insights into the MOVEit vulnerability. We encourage you to review the advisory to stay informed about the risks associated with the vulnerability.

We remain committed to maintaining a secure environment for our customers' data and will continue to invest in the necessary resources to uphold the highest security standards.

Don't hesitate to contact our dedicated customer support team for any questions or concerns. We value your trust in Yubi and are here to provide you with a secure and reliable financial experience.

Yubi's security team became aware of the critical MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.

We want our customers to know that Yubi is not impacted by this vulnerability.

We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

Yubi Becomes India’s First Fintech Company To Achieve The SOC 2 Type II Attestation For Data Security And Privacy

Compliance

A Service Organisation Control (SOC) 2 Type II Attestation is given after a successful audit of how a service provider handles sensitive information.

The audit ensures that Yubi meets the five Trust Service Principles (TSPs): security, privacy, availability, confidentiality, and processing integrity. Yubi is also ISO 22301 (Business Continuity Management Systems) and ISO 27001 (Information Security Management Systems) certified.

Yubi, the world’s first unified credit platform for corporates and lenders, has become the first Indian fintech company to achieve the SOC 2 Type II attestation. Earning this attestation means that Yubi has been successfully audited by one of the ‘Big Four’ firms against the rigorous TSPs and implementation of controls in accordance with the international security and availability standards set by the American Institute of Certified Public Accountants (AICPA).

SOC 2 Type II Attestation by the AICPA was awarded to Yubi after a successful audit between July and December 2022.

Commenting on the development, Araveinth Gopinath, Chief Information Security Officer, Yubi, said, “On our journey to deepen debt markets and provide access to capital to enterprises in India, at Yubi, we have made significant investments to enhance and build a highly secure infrastructure. We are proud and thrilled to have achieved the SOC 2 Type II attestation in record time. The extensive independent audit process confirms that our platform meets the highest security and privacy standards and gives our customers the confidence they need to trust our platform with their data.”

As a SOC 2 Type II compliant company, Yubi has achieved enterprise-grade security in the following domains:

Product security: Cloud (Virtualised) environment, source code protection, identity and access management.

Data security: Data processing agreements, backups & data redundancy, data encryption, availability (Business continuity).

Network security: Encrypted communications, protection from external attacks.

Application security: Secure coding, penetration testing, automated code security checks, continuous assessments.

Business Security: Background checks, confidentiality, security awareness training, breach notifications.

Physical security: Visitor management, 24-hour office surveillance, and more.

As a product-first and customer-first leader in the credit ecosystem, data has always been at the core of Yubi. Hence, it is imperative that the highest levels of data protection measures are undertaken to serve customers in their best interest and meet evolving regulatory guidelines. This achievement is a testament to Yubi’s commitment to security and privacy.

Yubi already has ISO 22301 (Business Continuity Management Systems) and ISO 27001 (Information Security Management Systems) to its credit. The company has also successfully implemented Zero Trust Architecture, Open Extended Detection and Response (XDR) integration (NG-SIEM, NDR & SOAR(1)) for Security Operations, Aadhaar Vault for UIDAI compliance, Endpoint Detection and Response (EDR), and many more such controls to promote the highest level of data privacy and security.

(1) Next-Generation Security Information and Event Management (NG-SIEM), Network Detection and Response (NDR), Security Orchestration, Automation and Response (SOAR)

SOC 2 and ISO Updates

General

We're pleased to announce that we recently completed our ISO 27001, ISO 27701 and SOC 2 audits! As such, our updated ISO certificates and SOC 2 report are now available.

If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.
