Data Security

At Strengthscope, your trust is our top priority. We are committed to protecting the confidentiality, integrity, and availability of your data. Whether you’re an individual user, a team leader, or an enterprise client, we ensure that your information is handled with the highest standards of security and compliance.

What is Strengthscope doing to meet security standards?

We work tirelessly to meet the ideal security standards to protect our customers and their data from security vulnerabilities. This includes maintaining the following security certifications:

ISO/IEC 27001 Certification

Strengthscope is proud to be certified to ISO/IEC 27001, the internationally recognised standard for information security management. The certification is verified annually through an independent audit that assesses our security controls, how effectively we manage risks, and the continuous improvement of our information security practices to protect your data.

View the certification

Cyber Essentials Plus Certification

Strengthscope is also Cyber Essentials Plus certified, a UK government-backed certification that demonstrates our commitment to defending against common cyber threats. This advanced level of certification includes an independent technical assessment of our systems, ensuring robust protection across our network, devices, and data.

View the certification

To ensure the highest level of security, the Strengthscope® system also undergoes independent annual penetration testing by certified cybersecurity experts. These rigorous assessments help us proactively identify and address potential vulnerabilities, keeping our systems resilient against evolving threats. The latest Penetration Test Summary is available to certified contacts upon request.

Who can access my data?

You and your team members have access to data according to the data access credentials that you provide them. If you have a Client Admin account on the Strengthscope® system, you can view, create, and edit Strengthscope® users at your organisation.

Select members of the internal Strengthscope team, such as our Customer Experience or Sales colleagues, can access your data in order to offer assistance with using the Strengthscope® system or to provide you with useful analytics.

A detailed breakdown of our sub-processors, including data storage and processing locations, relevant at different stages of your customer journey with Strengthscope®, is available here.

How is my data encrypted?

The Strengthscope® application uses Azure SQL Server databases, which automatically protect stored data using Transparent Data Encryption (TDE). Files stored in Azure Storage are also encrypted using strong 256-bit encryption. For data in transit, all web applications hosted in Azure are secured with TLS certificates. Communication between these apps and other Azure services, like Azure SQL Server, is protected using TLS 1.2.

When it comes to email communication with customers, our system is designed to use TLS encryption whenever possible. By default, it tries to send emails using TLS version 1.1 or higher. If the recipient’s email server supports TLS, the message is delivered securely. If not, the email is sent using a standard unencrypted connection.

How is my data backed up?

To safeguard your data and ensure high availability, we utilise Microsoft Azure SQL for automated and encrypted database backups, which take place every 5 minutes. This enterprise-grade solution supports compliance with industry standards and enables rapid recovery in case of data loss or system failure. Azure’s globally distributed infrastructure also helps maintain uptime and resilience, ensuring your information remains secure and accessible when needed.

What other security measures do we have in place?

As an additional security measure, 2-factor authentication (2FA) can be enabled on Client Admin accounts. Strengthscope can also collaborate with customers to enable SSO via SAML 2.0, SCIM 2.0 or both.

Links to other relevant policies can be found in the footer of this webpage.