Skip to end of banner
Go to start of banner

Security Certificates

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Current »

Below is a library of our latest security certificates, designed as a single point of reference for our partners and customers, to provide visibility of the security levels we have achieved and when these are valid until.

Certificate

Obtained

Notes

Cyber Essentials

June 23

- due to a planned change in office location at the end of June 24, which involves a period of elapse between the old office and new office being available, we will be renewing our certification once we have moved into our new offices.

Penetration (PEN) Testing - API & Web Application

September 24

- Testing was conducted by our 3rd party PEN Testers (Daisy), and occurs every 6 months to ensure we have an independent review of our software. This is in addition to the internal security scans we perform alongside each of our software releases, which are underpinned by regular Technical Debt upgrades to our 3rd Party libraries and frameworks.

Scope:

Our PEN Tests were performed against both our Web Application and the API element of our dashboard software, testing from both an authenticated and unauthenticated perspective.

Results:

  • Only 1 Cycle of Testing was required - meaning no Critical or High priority items were found and needed a resolution before certification was provided

  • Only 2 Medium and 4 Low priority items were highlighted by the PEN Tester, which are currently being tracked through our Product Backlog for future consideration

  • Some of the item's highlight could be considered false/positive results, based on how our application is designed to function - and therefore may not be addressed

  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.