Assuric

Assuric's interface is built entirely on a web component library built for accessibility.  We are compliant with WCAG 2.2AA and partially compliant with WCAG 2.2 AAA. The platform is tested across multiple browsers and environments with automated development alerts for accessibility issues including screen reader compatibility, colour contrast testing, and keyboard navigation.

Yes, all data is encrypted at rest using AES256 and periodically rotated managed encryption keys

Yes, all data is encrypted in transit via modern protocols (HTTPS with TLS v1.2 and v1.3 only) and managed encryption keys which are periodically rotated.

Yes. Independent third-party penetration tests are conducted periodically from CREST-accredited testers, and identified findings are tracked through remediation processes. Our last test was conducted Feb 2026 (no outstanding Medium, High or Critical risk vulnerabilities).

Yes. Automated vulnerability scanning and patch management processes are used to maintain system security.

Yes. Secure coding standards, dependency monitoring, and change management controls are embedded into the development lifecycle.

Yes, all platform actions are logged and Assuric provides an in-platform audit log for user activity. Security-relevant and administrative activities are logged and retained for monitoring, auditing, and incident investigation purposes. Logs are centrally collected, access-restricted, and protected against modification.

Yes. Automated backups are performed regularly, encrypted, and protected from unauthorised access. Backup restore procedures are tested at regular intervals to support disaster recovery and business continuity objectives. Assuric maintains documented business continuity and disaster recovery plans designed to restore services within defined recovery objectives.

Platform access is granted using least using least-privilege role-based access controls (RBAC), strong authentication including multi-factor authentication (MFA), and support for single-sign-on (SSO)

Yes, Assuric supports single-sign-on (SSO) including enterprise support for custom SAML and OIDC workflows, and common providers (e.g: Okta, custom Microsoft Entra Tenants).

Assuric maintains Cyber Essentials and Cyber Essentials Plus certifications, DSPT (standards exceeded) and an independently verified ISO 27001 certification from a UKAS-accredited ISO 27001 certification body. Certificates are all available from our Trust Centre.

Yes. Assuric maintains all technical and organisational measures designed to support GDPR requirements, including providing a Data Processing Agreement alongside our platform Terms and data subject rights support. Further information can be found in our publicly facing Privacy Notice.