Trust & Compliance

PensionBox Trust Centre

We are independently audited and ISO 27001 certified. Your pension and NPS data are protected by a globally benchmarked Information Security Management System, which is continuously monitored and verifiable.

ISO/IEC 27001:2022 — Information Security Management Systems

Issued by INTERCERT INC. · IAF-accredited (IAS, MSCB-121)

Active

Certified Entity: PensionBox

Legal name: Asht Capital Private Limited

Certificate No.: IC-IS-2604321

Initial Certification: April 29, 2026

Surveillance Audit: April 28, 2027

Recertification Due: April 28, 2029

Standard: ISO/IEC 27001:2022

Scope of Certification

What our ISMS covers

“The Information Security Management System at Asht Capital Private Limited applies to PensionBox, a pension and NPS management platform hosted as a SaaS platform for their clients with the Support Function of IT Infrastructure, Data Privacy, IT & Data Security, Human Resources, & Legal.”

Penetration Testing (VAPT)

Beyond ISO 27001, our web application is regularly tested by independent security researchers using both manual and automated techniques.

🛡️

Vulnerability Assessment & Penetration Testing

Conducted by Riversys Technologies Private Limited (Scrut Automation)

Completed

Assessment Type: Web Application VAPT

Date Completed: February 04, 2026

Methodology: OWASP Top 10 · Manual + Automated

Coverage: Authenticated + Unauthenticated

Frequency: Annual

Full Report: Available under NDA

How we keep your data safe

ISO 27001 is the foundation. These are the controls and practices that sit on top of it.

🔒

ISO/IEC 27001:2022 Certified

Independently audited by INTERCERT INC. (IAF-accredited via IAS) under the latest 2022 standard. Covers all 93 Annex A controls.

🛡️

Data Encryption

All data is encrypted at rest using AES-256 and in transit via TLS 1.2+. Sensitive fields are tokenized at the application layer.

Pension Agent under PFRDA POP

PensionBox operates as a registered Pension Agent under Zerodha Broking Limited (PFRDA Approved POP). NPS contributions flow through PFRDA’s regulated framework, with assets held by NPS Trust.

🇮🇳

Data Residency in India

All customer data is stored and processed within Indian data centers (AWS ap-south-1, Mumbai), aligned with DPDPA expectations.

👥

Access Controls & Audit

Role-based access, multi-factor authentication, principle of least privilege, and continuous logging across all production systems.

🚨

Incident Response

Documented incident response and business continuity plans, with annual tabletop exercises and management review of every event.

Verify our certification independently

Don’t take our word for it. Our certification is listed in the IAF (International Accreditation Forum) global database, which is the same registry used by enterprise security teams worldwide.