Compliance

This page describes our information security posture and compliance.

Infrastructure

All our infrastructure is hosted in Azure data centers in the UK, which are certified for SOC 3, ISO 27001, FedRAMP and many other standards.

Security monitoring, malware detection and vulnerability management are performed by Microsoft Defender for Cloud.

Software updates are applied as soon as they’re available (e.g. Patch Tuesday for Windows servers) and are managed by Azure Update Manager.

Engineering

Code is developed in a secure manner. A partial list of secure coding techniques used includes:

  • Static and dynamic code analysis using multiple tools
  • Weekly check of published CVEs
  • Using frameworks that enforce parameterized queries to prevent SQL injection attacks
  • Using frameworks with built-in protection against cross-site scripting vulnerabilities
  • Monitoring of code stability in production
  • Digital signing of production code to prevent tampering
  • Code reviews
  • Penetration testing (internal and external)

Vulnerability reporting resources

Security grades

Qualys SSL Labs

  • app.powermapper.com A+
  • www.powermapper.com A

Mozilla Observatory

  • app.powermapper.com A+
  • www.powermapper.com A+