Trusted Since 2005| +202 2705 2005| [email protected]| 1 to 3 Year Warranty as Standard| Ships Worldwide to 100+ Countries| Every Part Fully Tested & Certified| 500,000+ Enterprise Parts In Stock| Dell · HPE · IBM · Lenovo · Cisco|Trusted Since 2005| +202 2705 2005| [email protected]| 1 to 3 Year Warranty as Standard| Ships Worldwide to 100+ Countries| Every Part Fully Tested & Certified| 500,000+ Enterprise Parts In Stock| Dell · HPE · IBM · Lenovo · Cisco

Security Statement

Security Statement

Request a QuoteContact Sales

Security Statement — ICD

Effective date: April 21, 2026

ICD takes the security of customer data, payment information, and infrastructure seriously. This Security Statement describes the technical and organisational controls in place on icd3s.com, icloudist.com, and our back-office systems.

1. Website Security

  • HTTPS/TLS site-wide — all traffic encrypted via Let’s Encrypt certificates, auto-renewed
  • HTTP Strict Transport Security (HSTS) enforced to prevent downgrade attacks
  • Content Security Policy (CSP) restricts script sources to trusted origins
  • X-Frame-Options prevents clickjacking
  • X-Content-Type-Options prevents MIME-type sniffing
  • Referrer-Policy limits data leakage across navigation
  • Permissions-Policy restricts access to sensor and media APIs

2. Application Security

  • Web Application Firewall — Wordfence enterprise rules, signature-based and heuristic detection
  • Rate limiting on RFQ form submission (5 per IP per hour) and login (brute-force protection)
  • reCAPTCHA v3 on RFQ submissions to prevent automated abuse
  • Login URL obfuscation via WPS Hide Login
  • Limit Login Attempts — brute-force lockout after 5 failed attempts
  • XML-RPC blocked — disabled at nginx layer to eliminate common attack vector
  • File permissions enforced per WordPress hardening guide
  • DISALLOW_FILE_EDIT — admin theme/plugin editor disabled

3. Payment Card Data (PCI DSS)

ICD does not store, process, or transmit raw payment card numbers on its servers. All card transactions are handled as follows:

  • Card data is entered directly into a PCI DSS Level 1 certified acquirer‘s secure form
  • Our systems receive only a tokenised reference to the transaction, not the card number
  • Refunds and chargebacks are processed via the acquirer’s secure API using the token
  • All card transactions use 3D Secure authentication
  • ICD qualifies as an SAQ-A merchant under PCI DSS scope for this integration pattern

4. Personal Data Security (PDPL Law 151/2020)

  • Access to customer data restricted by role — sales, finance, support, engineering each see only what is necessary
  • Audit logging on all administrative actions in ERPNext and WordPress
  • Encrypted database connections (TLS) between application and MariaDB
  • Sensitive fields encrypted at rest (passwords via Fernet, payment tokens via acquirer-side encryption)
  • Regular user-access reviews
  • Staff trained on data protection and confidentiality

5. Infrastructure Security

  • Linux server with automatic security updates
  • Nginx hardened configuration, fail2ban for brute force
  • PHP-FPM with restricted open_basedir
  • MariaDB with non-default ports, IP allow-list, strong passwords
  • Redis binding to localhost only, password protected
  • Backups — automated daily backups of database and files, encrypted at rest, retained 30 days
  • Monitoring — uptime and security alerts via dedicated monitoring service

6. Data Destruction

End-of-life data bearing devices are destroyed under our certified ICD Data Shield program:

  • Level 1 — NIST 800-88 Purge via Blancco Drive Eraser
  • Level 2 — NIST 800-88 Purge + degauss (NSA/CSS EPL)
  • Level 3 — Purge + degauss + physical destruction with video evidence

Certificates of destruction are issued for each event.

7. Incident Response

  • Detection — Wordfence alerts, uptime monitoring, log analysis
  • Triage — within 2 hours of alert during business hours
  • Containment — isolate affected systems, rotate credentials
  • Investigation — root cause analysis, impact assessment
  • Notification — affected customers notified without undue delay; regulators notified within 72 hours per PDPL Article 35 when required
  • Remediation and lessons learned

8. Responsible Disclosure

If you discover a security vulnerability, please email [email protected] with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information

We acknowledge within 48 hours, investigate, and credit researchers where appropriate. We do not pursue legal action against good-faith researchers who follow responsible disclosure.

9. Third-Party Assessments

ICD engages third-party penetration testing annually on customer-facing systems. Findings are remediated per severity (critical within 7 days, high within 30 days, medium within 90 days).

10. Compliance Roadmap

  • ISO/IEC 27001 — information security management system (in progress)
  • NAID AAA — data destruction accreditation (in progress)
  • R2v3 — responsible recycling (in progress)
  • Egypt PDPC registration — registered data processor
  • Egypt WMRA licence — hazardous waste handling (for ITAD)

11. Contact

Worldwide Shipping

Fast delivery to 100+ countries

Tested & Certified

Every part fully tested before shipping

Enterprise Grade

Dell, HPE, Lenovo & Cisco parts

Dedicated Support

Expert team for quotes & technical help