Security & compliance

CreditLogic meets the highest industry standards and is ISO27001 certified.

Sophisticated security strategy

CreditLogic’s security strategy is based on a layered defence approach. It incorporates preventative, detective and reactive controls at the infrastructure, application and operational (people and process) layers.

This ensures the integrity, availability, and confidentiality of CreditLogic’s information assets and those of our customers is assured and maintained.

We adhere to the principles of security by design and default throughout the full service lifecycle from the software development lifecycle (SDLC) through service commissioning and operation.

Strict information security

CreditLogic strictly controls and monitors access to mission-critical systems. All user/application access to cloud services is managed using IAM users and IAM roles set for each account. 

User authentication is multi-factor, and includes user name, credential and a physical security key.

All customer-provided data stored in our environment is encrypted with AES-256.

Our cybersecurity solution partner specialises in vulnerability detection and intelligence technology to perform penetration testing and real-time continuous attack surface management.

Defence in depth

To make sure our customers are truly protected, we implement multi-layered defence at the technology layer. This includes but isn’t limited to:

  • secure application design
  • strong authentication and access control
  • firewalls (stateful/Web Application Firewall)
  • antimalware
  • system hardening
  • encryption
  • data loss prevention and reporting.

Our approach ensures there’s always a contingency control available if a primary control fails.

Information security management system (ISMS)

Our information security practices are based on the ISO 27001 (2013) framework. This defines our service requirements to a granular level.

To ensure we adhere to the highest standards of security and service management, CreditLogic has implemented ITIL-based service management. This means incidents, problems and changes are consistently managed.

Rock-solid design principles

Our environment implements security and privacy by design and default at all levels – infrastructure, application and service.

Highly available

We have a completely cloud-based environment with multiple layers of redundancy, resilience, and recovery options.


The system uses the inherent replication of the cloud environment as well as back-ups to ensure data integrity and recovery if there’s any disruption.

Actionable security intelligence

Our cloud implementation is designed to match industry-recognised security standards (CIS or Center for Internet Security) and ensures this is maintained automatically.

Pervasive monitoring and measurement

Our environment requires no hands-on management at your end. 

Everything is software-defined, deployed and managed through industry-standard tools and the native monitoring capability of the cloud. 

This dramatically reduces downtime and issues for customers.

Get the Latest
from CreditLogic