SOC 2 Type II, ISO 27001 and GDPR compliant.
Your data, your exercises, your reports. Protected by the same rigour we help you prove.
Audited by independent assessors.

SOC 2 Type II
Compliant. Independently audited across security, availability and confidentiality.

ISO/IEC 27001
Compliant. Certified ISMS covering production, development and corporate IT.
GDPR
Compliant. Data Processing Agreement available on request.
Reports, certificates and our DPA are available in the Trust Centre →
Key controls
Encryption
All data is encrypted in transit and at rest, using enterprise-grade protocols across every layer of the platform.
Access control
Every employee uses single sign-on with multi-factor authentication. Access to production systems follows least-privilege principles and is logged.
Incident response & continuity
Documented incident response and business continuity plans with defined roles, escalation paths and notification timelines. Tested regularly using Handrails.
AI & data usage
Customer data is never used to train models. Exercise recordings and transcripts are retained securely for your records.
Monitoring
Continuous monitoring across infrastructure, authentication and application layers.
Penetration testing
Independent penetration testing conducted regularly. Report available in the Trust Centre.
For the full list of controls, visit our Trust Centre →
Vulnerability disclosure
We run a public disclosure program with safe harbour for good-faith research.
Run a tabletop on your own IR plan.
The most honest test of your security is the one your team hasn't seen yet.