Security
The security of your information is important to you, and it’s important to us. We implement a range of security controls within our applications and operational practices to manage risk and secure your information.
ISO 27001 Certified |
Credit Sense is ISO 27001 certified by certification body Lloyds Register including all of our systems, assets, people and processes involved in supporting and maintaining our platform and its information security.
Credit Sense and its data partners adhere to leading industry practices for security, regulatory compliance and privacy.
Information security management system |
Information security is organised within our Information Security Management System (ISMS) framework. Our ISMS framework enables the structured recording, management, review and continuous improvement of our information security practices.
Our ISMS includes formal risk management processes, robust incident management controls, secure development practices and is subject to annual internal and external certification audits.
Encryption |
All data processed through our systems is encrypted in transit and at rest. All sensitive information is protected by row-level encryption and stored in systems that cannot access decryption keys. Access credentials are encrypted, tokenised and stored in specialised secrets vaults in protected regions of our infrastructure inaccessible to individuals and unauthorised systems.
Security Monitoring |
We maintain real-time security threat management systems including intrusion detection, Security Information and Event Management (SIEM) and vulnerability scanning.
Anti-malware |
We centrally deploy, manage and monitor anti-malware and anti-virus controls on all devices authorised to access our network.
Recruitment |
Formal recruitment security practices are implemented including criminal history checks prior to employment, to ensure we only hire fit and proper people.
Security Awareness |
We implement security awareness training for all staff including OWASP top 10, phishing and social engineering awareness programs and testing.