SettleIndex achieves ISO/IEC 27001 certification
The internationally-recognised standard for information security, cyber security and privacy protection.
Built to handle confidential data, SettleIndex is independently certified to ISO/IEC 27001, the world’s best-known standard for information security, cyber security and privacy protection.
Audited and certified for ISO/IEC 27001 by a UKAS-accredited certification body.
Periodic penetration testing by a CREST-certified testing provider.
Single sign-on and multi-factor authentication included as standard in all corporate plans.
SettleIndex is certified for ISO/IEC 27001, the world’s best-known standard for information security, cyber security and privacy protection, by a UKAS-accredited certification body. Certification includes periodic auditing of the company’s Information Security Management System (ISMS).
The application is regularly audited for security by a CREST-certified penetration testing provider. In the latest report, there were no outstanding security issues.
Single sign-on is available for enterprise clients.
Multi-factor authentication is mandatory on all accounts. We operate email and password authentication, followed by a one-time security code sent via SMS. Users are unable to access accounts without both the password and the security code.
The application was built to handle sensitive and confidential information and we practice privacy by design. Users must take specific steps to share data with other users.
Employees and contractors have no access to client data.
SettleIndex is a cloud application hosted on infrastructure owned and operated by Amazon Web Services (AWS), providing the highest levels of physical and infrastructure security. AWS is utilised by the US and UK governments and is widely recognised.
Data is stored in data centres located in London, UK.
SettleIndex is compliant with the EU’s General Data Protection Regulation (GDPR) with a privacy by design architecture and clear privacy policies for visitors and users.
The Data Protection Officer (DPO) is Zac Best. The data controller is SettleIndex Ltd, and Zac Best is the representative in the EEA. Contact details can be found below.
In accordance with GDPR, data associated with any account can be permanently removed upon request. Data collected by clients with trial accounts is not subject to analysis.
Incidents can be reported to email@example.com