Security Certificates

Owned by Adam Voakes
Last updated: Oct 30, 2024
1 min read

Below is a library of our latest security certificates, designed as a single point of reference for our partners and customers, to provide visibility of the security levels we have achieved and when these are valid until.

Certificate

Obtained

 

Notes

Certificate

Obtained

 

Notes

Cyber Essentials

June 23

 

Jun 18, 2024 - due to a planned change in office location at the end of June 24, which involves a period of elapse between the old office and new office being available, we will be renewing our certification once we have moved into our new offices - likely to be in early 2025.

Penetration (PEN) Testing - API & Web Application

September 24

 

Oct 2, 2024 - Testing was conducted by our 3rd party PEN Testers (Daisy), and occurs every 6 months to ensure we have an independent review of our software. This is in addition to the internal security scans we perform alongside each of our software releases, which are underpinned by regular Technical Debt upgrades to our 3rd Party libraries and frameworks.

Scope:

Our PEN Tests were performed against both our Web Application and the API element of our dashboard software, testing from both an authenticated and unauthenticated perspective.

Results:

  • Only 1 Cycle of Testing was required - meaning no Critical or High priority items were found and needed a resolution before certification was provided

  • Only 2 Medium and 4 Low priority items were highlighted by the PEN Tester, which are currently being tracked through our Product Backlog for future consideration

  • Some of the item's highlight could be considered false/positive results, based on how our application is designed to function - and therefore may not be addressed