Security & Compliance

Security Built Into Every Layer

Enterprise-grade security practices, independently validated certifications, and a commitment to protecting your workforce data.

Certifications

Independently Validated

Active

ISO 27001:2022

ISMS certification by Global Compliance Certification (JAS-ANZ accredited). Valid through June 2027.

Active

SOC 2 Type 2

Security Trust Services Criteria. 12-month operational effectiveness audit by GCC.

Completed

SOC 2 Type 1

Design suitability examination. Completed April 2024.

Infrastructure

Infrastructure Security

Built on enterprise-grade cloud infrastructure with defense in depth. Every layer -- from network to storage -- is hardened and continuously monitored.

  • Hosted on Amazon Web Services (AWS) with enterprise-grade physical security
  • Virtual Private Cloud (VPC) isolation for production workloads
  • Network segmentation between development, staging, and production
  • Encrypted communications using TLS 1.2+ for all data in transit
  • Data at rest encrypted using AES-256
  • Firewall and access control policies restricting network access
  • Secrets and API keys managed through dedicated secrets management services

Application

Application Security

Secure by design, from development to deployment. Every change goes through rigorous review and automated checks before reaching production.

  • Code review requirements for all production changes
  • Automated dependency scanning for known vulnerabilities
  • Infrastructure as Code managed through Terraform with version control
  • Branch protection and access controls on source code repositories
  • Role-based access control (RBAC) for platform access
  • Multi-tenant architecture with strict data isolation between customers
  • Principle of least privilege applied to all system access
  • Multi-factor authentication for internal systems

Get in Touch

Security & Compliance Inquiries

Responsible Disclosure

If you discover a security vulnerability in our platform or services, we encourage responsible disclosure. We commit to acknowledging reports promptly and working with researchers to address confirmed vulnerabilities.

security@predelo.com

Compliance Inquiries

For security questionnaires, due diligence requests, or detailed security documentation, we are happy to provide our SOC 2 report (under NDA), questionnaire responses, and architecture documentation to support your procurement and security review.

compliance@predelo.com