Security & Privacy compliance

CreditLogic meets the highest industry standards and is ISO27001 certified.

Sophisticated security strategy

CreditLogic’s security strategy is based on a layered defence approach. It incorporates preventative, detective and reactive controls at the infrastructure, application and operational (people and process) layers.

This ensures the integrity, availability, and confidentiality of CreditLogic’s information assets and those of our customers is assured and maintained.

We adhere to the principles of security by design and default throughout the full service lifecycle from the software development lifecycle (SDLC) through service commissioning and operation.

Strict information security

CreditLogic strictly controls and monitors access to mission-critical systems. All user/application access to cloud services is managed using IAM users and IAM roles set for each account. 

User authentication is multi-factor, and includes user name, credential and a physical security key.

All customer-provided data stored in our environment is encrypted with AES-256.

Our cybersecurity solution partner specialises in vulnerability detection and intelligence technology to perform penetration testing and real-time continuous attack surface management.

Defence in depth

To make sure our customers are truly protected, we implement multi-layered defence at the technology layer. This includes but isn’t limited to:

  • secure application design
  • strong authentication and access control
  • firewalls (stateful/Web Application Firewall)
  • antimalware
  • system hardening
  • encryption
  • data loss prevention and reporting.

Our approach ensures there’s always a contingency control available if a primary control fails.

Information security management system (ISMS)

Data Protection

All systems and processes are compliant to GDPR standard and our Data Protection Officer can support you to navigate implementation with privacy in mind. This would include:-

  • Support with your Privacy Policy and consent management system (CMS)
  • Clear Retention, Deletion and Access processes
  • Assurances that all data is hosted within the EU
  • All governed under a Data Processing Agreement (DPA) and DPIA

Rock-solid design principles

Our environment implements security and privacy by design and default at all levels – infrastructure, application and service.

Highly available

We have a completely cloud-based environment with multiple layers of redundancy, resilience, and recovery options.


The system uses the inherent replication of the cloud environment as well as back-ups to ensure data integrity and recovery if there’s any disruption.

Actionable security intelligence

Our cloud implementation is designed to match industry-recognised security standards (CIS or Center for Internet Security) and ensures this is maintained automatically.

Pervasive monitoring and measurement

Our environment requires no hands-on management at your end. 

Everything is software-defined, deployed and managed through industry-standard tools and the native monitoring capability of the cloud. 

This dramatically reduces downtime and issues for customers.

Get in touch!