Security

Highly secure. Private data.

Built to handle confidential data, SettleIndex is independently certified to ISO/IEC 27001, the world’s best-known standard for information security, cyber security and privacy protection.

ISO/IEC 27001 Certified

Audited and certified for ISO/IEC 27001 by a UKAS-accredited certification body.

Independent penetration testing

Periodic penetration testing by a CREST-certified testing provider.

Single sign-on and MFA

Single sign-on and multi-factor authentication included as standard in all corporate plans.

Information security

ISO/IEC 27001 Certified

SettleIndex is certified for ISO/IEC 27001, the world’s best-known standard for information security, cyber security and privacy protection, by a UKAS-accredited certification body. Certification includes periodic auditing of the company’s Information Security Management System (ISMS).

Periodic penetration testing

The application is regularly audited for security by a CREST-certified penetration testing provider. In the latest report, there were no outstanding security issues.

Single sign-on

Single sign-on is available for enterprise clients.

Multi-factor authentication

Multi-factor authentication is mandatory on all accounts. We operate email and password authentication, followed by a one-time security code sent via SMS. Users are unable to access accounts without both the password and the security code.

Mozilla Observatory

The application scores A+ on the Mozilla Observatory. View the report here.

Privacy by design

The application was built to handle sensitive and confidential information and we practice privacy by design. Users must take specific steps to share data with other users.

Restricted access to data

Employees and contractors have no access to client data.

Secure cloud infrastructure

SettleIndex is a cloud application hosted on infrastructure owned and operated by Amazon Web Services (AWS), providing the highest levels of physical and infrastructure security. AWS is utilised by the US and UK governments and is widely recognised.

Data location

Data is stored in data centres located in London, UK.

Policies

Terms of use

Usage of the application is subject to the terms of use which can be found here: https://settleindex.com/terms/

Privacy

Please find our full privacy policy and data protection policy here: https://settleindex.com/privacy/

Cookies

We use cookies in the provision of the application and associated support and analytics services. Please find our full Cookie Policy here: https://settleindex.com/cookies/.

Compliance

GDPR

SettleIndex is compliant with the EU’s General Data Protection Regulation (GDPR) with a privacy by design architecture and clear privacy policies for visitors and users.

Data protection officer

The Data Protection Officer (DPO) is Charles Szilagyi. The data controller is SettleIndex Ltd, and Charles Szilagyi is the representative in the EEA. Contact details can be found below. 

Data retention

In accordance with GDPR, data associated with any account can be permanently removed upon request. Data collected by clients with trial accounts is not subject to analysis.

Incident response

Incidents can be reported to security@settleindex.com