Information Security

We are committed to safeguarding our clients’ data across our platforms and operations.

Information security is prioritised in every part of our software development lifecycle:

We identify potential threats as part of requirements analysis and design suitable treatments
We cultivate deep security awareness in our engineers, supported by code review and static analysis
We practise secure operations, with segregated controls for production environments
We audit and verify our systems to ensure effective control

Security risks are identified before development and treatments selected.

Engineers independently review security-critical work during development.

Source code is analysed for potential weaknesses and security hotspots.

We partner with CREST-certified security companies to test our systems in the cloud.

Business Continuity

Our platforms leverage Azure best practices to provide effective business continuity controls, commensurate with risk and recovery time objectives.

Working with clients to understand their unique requirements, we also deploy continuity controls directly into the application code, for example:

Event processing architecture for resilient processing
'Emergency kit' offline downloads for critical processes
Clear segregation of client data to enforce client data ownership and enable simple transfer of data upon termination

Enterprise-Grade Security for Education