Security Policy

At NDEX, protecting client data and ensuring compliance with the highest standards of privacy and security is a cornerstone of our operations. We strictly adhere to the protocols of the Ontario Securities Commission and the Privacy Commissioner of Canada, including full compliance with The Personal Information Protection and Electronic Documents Act (PIPEDA).

SOC 2 Certification

In December 2021, NDEX was awarded SOC 2 Type 1 certification by Raymond Chabot Grant Thornton, reflecting our adherence to robust internal controls for security, availability, and confidentiality. We are currently undergoing the SOC 2 Type 2 audit, with completion expected by the end of 2025. This process evaluates the consistent application of these controls over time, offering additional assurance to our clients about the reliability and integrity of our systems.

Penetration Testing

NDEX employs OKIOK, a highly regarded external security firm, to perform regular penetration testing on our network. These tests are designed to simulate real-world cyberattacks, enabling us to identify and address any vulnerabilities proactively. This rigorous approach ensures our network remains secure against evolving threats.

Client-Approved Security Protocols

Our security measures have been reviewed and approved by some of the world’s leading accounting firms, further validating the robustness of our data security procedures and network infrastructure. Their endorsement underscores the trust placed in NDEX by some of the most demanding organizations in the industry.

Canadian Data Processing Guarantee

We guarantee that all outsourced client files will be processed exclusively in Canada by our trained employees using our proprietary application. This commitment ensures compliance with Canadian privacy laws and provides our clients with confidence in the secure and controlled handling of their sensitive financial data.

NDEX remains committed to maintaining and enhancing these exacting standards to safeguard the confidentiality, integrity, and availability of client information.

For additional information about our security policies or related inquiries, please contact our team.