— SECURITY

Security as an engineering discipline.

Zero major security incidents in nine years. Over $2.4B in TVL secured. This page explains how — our security practices, certifications, and the rigor we apply to every engagement.

0

Major incidents

Zero breaches, exploits, or material security events in nine years of operation.

$2.4B+

TVL secured

Cumulative value locked in smart contracts we’ve engineered and audited.

24hr

Incident response

Maximum time from detection to notification for any material security event.

01 / PRACTICES

Our six security disciplines.

Practices we apply to every engagement — and live by internally.

Access control

Hardware security keys (YubiKey) required for all production access. Role-based permissions with least-privilege defaults. Quarterly access reviews.

Encryption

AES-256 at rest, TLS 1.3 in transit. Customer data isolated in dedicated tenants. Hardware-backed key storage for production secrets.

Vendor security

All third-party services undergo security review. SOC 2 Type II required for data processors. Annual security questionnaires.

Code security

Mandatory code review, automated security scanning (CodeQL, Semgrep), dependency vulnerability monitoring, signed commits.

Incident response

24hr notification SLA for material incidents. Runbooks for common scenarios. Quarterly tabletop exercises.

Security training

Mandatory security training for all team members. Annual refreshers. Regular phishing simulations and red-team exercises.

02 / COMPLIANCE

Certifications and compliance.

We invest seriously in compliance — it’s a signal of operational maturity, not a checkbox.

SOC 2 Type II
Audited annually for security, availability, and confidentiality controls.
GDPR Compliant
Full compliance with EU General Data Protection Regulation for all engagements.
CCPA/CPRA Compliant
Privacy rights honored for California residents and all applicable jurisdictions.
HIPAA (per engagement)
BAA available for healthcare client engagements. Additional controls applied.
ISO 27001 (in progress)
Currently pursuing certification. Expected completion Q4 2026.
NIST Cybersecurity Framework
All internal practices aligned to NIST CSF. Regular maturity assessments.

— RESPONSIBLE DISCLOSURE

Found something? Tell us.

We run a responsible disclosure program. Report vulnerabilities to security@itechsoftsolutions.com. We respond within 24 hours, triage within 5 days, and reward valid findings via our bug bounty.