Security and Compliance


We know that your data on risks, compliance, health and safety, internal audits and incidents is extremely important to you and your business, and we take protecting it seriously. After all, we host the same information about our own business in our Protecht.ERM platform. That is why all our communications are secured using HTTPS and your data is encrypted at rest.

Our infrastructure uses trusted providers that are aligned to security best practices, ensuring data is protected at all times and accessible only to those you authorise. Our data centres use the latest cloud technologies, providing a highly scalable and resilient platform that enables customers to access their data whenever they need it.


Protecht encrypts all communication between customers and our data centres using strong encryption. All login and post-login web pages in Protecht are served over TLS, the successor to SSL. We encrypt all data at rest using AES-256 encryption. Protecht protects its system infrastructure by using dedicated firewall and network services to block unauthorised system access.

Tight access controls are enforced. Protecht employees are not able to access customer data unless specifically required to do so for support reasons.



Protecht is ISO 27001 certified. ISO 27001 is an information security standard published jointly by the International Organization for Standardization (ISO), the world's largest developer of voluntary international standards, and the International Electrotechnical Commission (IEC). This certification was issued by an independent and accredited certification body on successful completion of a formal audit process.



Protecht complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union.



Protecht complies with the UK General Data Protection Regulation (UK GDPR) regarding processing of personal data of people in the United Kingdom.


ERM Security features

Single Sign-On (SSO) support

SSO solutions such as Active Directory Federation Services (ADFS) via SAML are supported. Other SAML-compliant identity providers are also supported, including Google (SAML), Okta, Azure, and Vanguard.

Two-factor authentication

In Protecht.ERM, you can turn on two-factor authentication so that users must provide two forms of identity verification to access the system. This feature is available out of the box and can be enabled from the user interface.

For clients who have Single Sign-On (SSO) enabled, two-factor authentication can be enabled on the client's Identity Provider server that performs the SSO authentication.

IP restrictions

Clients can request that only designated IP addresses or IP ranges are permitted to access their site.

Encryption of data at rest

Databases and backups are encrypted at rest using the AES-256 cipher.

Encryption of data in transit

Data in transit is protected by HTTPS (SSL/TLS) encryption. Protocol versions and ciphers are limited to only those known to be secure. Currently TLS 1.2 is the only supported protocol.

Separation of system and network environments

System and network environments are logically separated using VLANs.

Hardening of virtual images

All servers and virtual machines are hardened using the CIS Framework.

File integrity, intrusion detection, and intrusion prevention

Host-based intrusion detection (HIDS) and host-based intrusion prevention (HIPS) are in place on all servers. The intrusion detection system monitors for abnormal traffic patterns, while intrusion prevention works to stop malicious attacks. Together these components provide zero-day protection against a large number of attacks, preventing worms, Trojans, spyware, key loggers and other malware from penetrating the network or spreading from already infected users.

Logging and activity history

The platform has comprehensive security logging and reporting capabilities. Clients can access these logs for monitoring purposes and for identifying any system misuse.

  • History against each item – The platform maintains an audit trail of actions taken against each record.
  • Audit log – The platform has an Audit Log for tracking access to and use of the system. The Audit Log is not exposed to users for reporting purposes. (Protecht does, however, make the Audit Log available to clients on request via the Support Desk if required.)


Protecht maintains a business continuity plan and a disaster recovery plan as part of its ISO 27001 certification. Protecht.ERM operations run 24 x 7, regardless of time zone differences, with a standard SLA of 99.5% availability.

Penetration testing

Protecht takes security very seriously and proactively monitors and tests its network, data centre infrastructure, and application. We conduct ongoing security reviews and, under special circumstances, we also work closely with customers so they can conduct their own scheduled tests.

Penetration testing and vulnerability management

External penetration testing is performed annually (or on significant changes to the infrastructure or application) and covers both the infrastructure and the application level. Penetration testing is also performed as part of the release process for each major release of the application.

Customer penetration and vulnerability testing

Clients or prospective clients can arrange for penetration testing. However, some limitations apply to ensure that other clients are not impacted. Protecht is also obligated to seek permission from the hosting provider before any penetration testing is performed. Additional testing can be organised through the Support Desk.

Report a security vulnerability and view our responsible vulnerability disclosure policy