DHUBiC logo

DHUBiC Trust Center

Transparency about security, compliance, and infrastructure in one place.

Trust Center

DHUBiC

Build, Operate, and Grow Financial Systems — All in One Platform

Updated on 2026-02-17

DHUBiC (Digital Hubs Inter-Connected) is a next-generation enterprise-grade FinTech platform giving financial institutions full control of their data, operations, and regulatory workflows. Designed cloud-native from the ground up, DHUBiC offers modular, multi-tenant, multi-region deployment with enterprise-grade security and compliance built in. Deploy only what you need — digital onboarding, KYC/AML, transaction processing, reporting, or custom workflows.

ISO/IEC 27001:2022 certified Information Security Management System (ISMS). Enterprise-grade security built for banks, fintechs, and regulated institutions.
ISO/IEC 27001:2022 certified organisation — built and operated under a certified ISMSEnd-to-end encryption using TLS 1.2+ in transit and AES-256 at restCloud-native, multi-region architecture with high availability by designRole-based access controls (RBAC) with fine-grained permissionsImmutable, tamper-proof audit trails — every action logged and time-stampedDigitally signed transactions and reports for regulatory compliance24/7 Enterprise Support

Security Certification

ISO 27001:2022

Certified Information Security Management System (ISMS)

Deployment Model

Multi-Region

Cloud-native global deployment with tenant isolation

Support

24/7

Enterprise support for all customers

Architecture

Multi-Tenant

Isolated and secure per-tenant infrastructure

Available documents

ISO/IEC 27001:2022 Certificate

Certifications

Official ISO 27001:2022 certificate demonstrating DHUBiC's certified ISMS.

Request onlyCertificateISO 27001

Security Overview

Security

Technical overview of DHUBiC security architecture, encryption standards, access controls, audit logging, and compliance posture.

Request onlySecurity

Data Processing Agreement (DPA)

Legal

Standard Data Processing Agreement template covering data processing terms, security obligations, and breach notification procedures.

Request onlyLegalPrivacy

Acceptable Use Policy

Policies

Defines acceptable use of DHUBiC information systems, assets, and resources by employees, contractors, and third parties.

Request onlyPolicyISO 27001

Access Control Policy

Policies

Governs logical and physical access to DHUBiC systems and data. Covers RBAC, provisioning, deprovisioning, and periodic access reviews aligned with ISO 27001:2022.

Request onlyPolicyISO 27001Access Control

Asset Management Policy

Policies

Defines identification, classification, ownership, and lifecycle management of information assets across DHUBiC's infrastructure and operations.

Request onlyPolicyISO 27001

Audit and Monitoring Policy

Policies

Establishes requirements for security monitoring, log management, audit trail integrity, and review of system activity across all environments.

Request onlyPolicyISO 27001Monitoring

Configuration Management Policy

Policies

Defines standards for secure configuration, hardening baselines, and change control of systems, infrastructure, and software components.

Request onlyPolicyISO 27001

Data Classification Policy

Policies

Establishes a data classification framework (Public, Internal, Confidential, Restricted) and handling requirements for each tier.

Request onlyPolicyISO 27001Data Protection

Data Loss Prevention (DLP) Policy

Policies

Defines controls to detect and prevent unauthorised transmission, storage, or exposure of sensitive and classified data.

Request onlyPolicyISO 27001Data Protection

Data Masking Policy

Policies

Specifies requirements for masking, anonymisation, and pseudonymisation of sensitive data in non-production environments and outputs.

Request onlyPolicyISO 27001Data Protection

Data Protection Policy

Policies

Overarching policy governing the processing, storage, and protection of personal and sensitive data in compliance with applicable privacy regulations.

Request onlyPolicyISO 27001Data ProtectionPrivacy

Data Retention and Disposal Policy

Policies

Defines retention schedules for all data categories and procedures for secure disposal of data and physical media at end-of-life.

Request onlyPolicyISO 27001Data Protection

ICT Continuity Policy

Policies

Establishes requirements for continuity of ICT services, including recovery objectives, failover procedures, and resilience of critical systems.

Request onlyPolicyISO 27001Business Continuity

Incident Management Policy

Policies

Defines incident classification, response procedures, escalation paths, notification obligations, and post-incident review requirements.

Request onlyPolicyISO 27001Incident Response

Information Security Policy

Policies

Overarching security governance framework aligned with ISO/IEC 27001:2022. Defines security objectives, roles, responsibilities, and policy management.

Request onlyPolicyISO 27001

Network Security Policy

Policies

Governs network segmentation, perimeter controls, secure remote access, wireless security, and network monitoring requirements.

Request onlyPolicyISO 27001

Password Management Policy

Policies

Defines password complexity, length, rotation, storage, and MFA requirements for all user and service accounts.

Request onlyPolicyISO 27001Access Control

Physical Security Policy

Policies

Establishes controls for physical access to offices, data centres, and equipment. Covers visitor management, clean desk, and secure media disposal.

Request onlyPolicyISO 27001

Risk Management Policy

Policies

Defines the risk assessment and treatment methodology, risk appetite, risk register maintenance, and risk reporting cadence.

Request onlyPolicyISO 27001

Software Development Security Policy

Policies

Mandates secure coding standards, threat modelling, SAST/DAST in CI/CD, dependency scanning, and security review requirements for all software releases.

Request onlyPolicyISO 27001AppSec

Supply Chain Security Policy

Policies

Governs security assessment, onboarding, monitoring, and offboarding of third-party vendors and subprocessors with access to DHUBiC systems or data.

Request onlyPolicyISO 27001Vendor Risk

Training and Awareness Policy

Policies

Defines mandatory security awareness training requirements, frequency, completion tracking, and phishing simulation programmes for all staff.

Request onlyPolicyISO 27001

Vulnerability Management Policy

Policies

Establishes requirements for vulnerability scanning, penetration testing, severity-based remediation SLAs, and patch management across all systems.

Request onlyPolicyISO 27001
Certifications & compliance

ISO/IEC 27001:2022

Scope: Information Security Management System (ISMS) | Certified organisation | Covers product development, customer data processing, and infrastructure operations | Built and operated in full compliance with ISO/IEC 27001:2022 requirements | Publicly stated on company website

Certified

Audit year: 2025

Stack & infrastructure

Hosting: Cloud-native platform designed from the ground up for scalability and resilience. Multi-region deployment with high availability and resource isolation per tenant. Browser-based access — no client installation required.

Encryption: AES-256 encryption at rest | TLS 1.2+ in transit | Digitally signed workflows for transactions, approvals, and reports.

FAQs

Trust team
hello@dhubic.com (SLA Response times available upon request)

Office hours: 24/7 for enterprise customers

Subprocessors
View details

Keep your subprocessors list up to date to increase trust with prospects.