Trust Center
The security of your data is our business.
io4 is a Microsoft Solutions Partner, compliant with Law 25, and applies enterprise-grade security practices. Here's how.
Our internal practices
Six rules we apply to ourselves.
Strong authentication
MFA required for any access to client environments.
Principle of least privilege
Granular, audited client access, automatically revoked at the end of the mandate.
End-to-end encryption
Client data encrypted at rest and in transit. Centralized secrets vault.
Audit and logging
Every action by an io4 expert on a client environment is logged and auditable.
Regular penetration testing
Our infrastructure and processes are audited by third parties every year.
Vetted subcontractors
All our subcontractors sign confidentiality and Law 25 compliance commitments.
Hosting and jurisdiction
Your data stays in Canada.
Unless explicitly agreed otherwise, all data processed as part of our mandates is hosted exclusively in the Microsoft Canada Central and/or Canada East regions, or Microsoft France for our European clients. io4's internal tools (CRM, projects, communications) use the same Canadian regions. Our subcontractors are vetted and contractually commit to comply with Law 25.
30 minutes to frame what matters.
A direct conversation with one of our experts. No commitment, no sales pitch. You leave with a clear, reasoned perspective on your situation.
