You entrust us with confidential information about your organisation. We understand the responsibility to support your confidentiality, integrity and availability needs.
We share that responsibility with you.
Risk Ledger protects and maintains:
You have responsibility to control and secure how you:
All data sent to and from Risk Ledger is encrypted in transit. Our website, application and API are served over TLS/SSL, achieving A+ on Qualys SSL labs. We also encrypt all data at rest with the industry-standard AES-256.
Risk Ledger enforces strong authentication for both our platform users and employees, to protect our customers and their data. Multi-Factor Authentication (MFA) is mandatory to access the product and all our internal systems.
Risk Ledger services and data are hosted within hardened cloud infrastructure, managed using Infrastructure-as-Code processes. We operate over two availability zones, with robust monitoring in place. Amazon Web Services (AWS) is our primary cloud provider.
Risk Ledger undergoes regular vulnerability scanning and penetration tests by independent third-parties, testing our security controls against industry standards. In addition, we maintain ISO 27001 and Cyber Essentials compliance.
Why not request access to our security assessment profile on the Risk Ledger platform?
If you have any questions, concerns or would like to report a vulnerability, please email security@riskledger.com
