Enterprise-Grade Security

Enterprise-Grade Security for the Platform That Protects Your Data

As a compliance platform, we hold ourselves to the highest security standards. Your data is protected by the same rigorous controls we help you implement for your own organisation.

Our Certifications

SOC 2 Type II

Independently audited for security, availability, and confidentiality controls.

ISO 27001:2022

Certified information security management system.

GDPR Compliant

Full compliance with EU data protection regulations.

PCI DSS Level 1

Highest level of payment card data security.

How We Protect Your Data

Multiple layers of security controls working together to safeguard your information.

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Controls

Role-based access control with multi-factor authentication and single sign-on support.

Infrastructure

Hosted on enterprise-grade cloud infrastructure with geographic redundancy and 99.9% uptime SLA.

Monitoring

Continuous security monitoring, intrusion detection, and automated threat response.

Penetration Testing

Regular third-party penetration testing and vulnerability assessments.

Audit Logging

Comprehensive audit logs for all user activities and system events.

Our Security Practices

Security is embedded in everything we do, from development to operations.

Secure Development

  • Security-focused code reviews for all changes
  • Static and dynamic application security testing
  • Dependency vulnerability scanning
  • Regular security training for all developers

Operational Security

  • 24/7 security operations centre monitoring
  • Incident response team on standby
  • Regular backup and disaster recovery testing
  • Strict change management procedures

Data Protection

  • Data classification and handling policies
  • Strict data retention and deletion procedures
  • Customer data isolation and segregation
  • Right to erasure compliance

Vendor Management

  • Rigorous security assessment of all vendors
  • Contractual security requirements
  • Regular vendor security reviews
  • Limited data sharing with third parties

Data Residency Options

We understand that data sovereignty matters. GRCTrack offers data residency options to help you meet regulatory requirements and organisational policies.

  • European Union

    Data hosted exclusively in EU data centres

  • United Kingdom

    UK-resident data storage available

  • United States

    US data centre options for North American customers

Infrastructure Partners

We partner with industry-leading cloud providers who maintain the highest levels of physical and infrastructure security.

  • AWS (Amazon Web Services)
  • Cloudflare for DDoS protection
  • Enterprise-grade backup solutions

Responsible Disclosure

We value the security research community. If you discover a security vulnerability, please report it responsibly to our security team.

Report a Vulnerability

Contact: security@grctrack.com

Questions About Our Security?

Our team is happy to discuss our security practices and provide documentation for your vendor assessment requirements.

Frequently Asked Questions

How does GRCTrack protect my data?

GRCTrack uses AES-256 encryption at rest, TLS 1.3 in transit, SOC 2 Type II certified infrastructure, role-based access control with MFA, audit logging, and data residency options. The platform is hosted on AWS with PCI DSS compliant architecture.

Is GRCTrack PCI DSS compliant itself?

Yes. GRCTrack practices what it preaches — the platform infrastructure is designed to PCI DSS standards with regular assessments, vulnerability scanning, penetration testing, and continuous monitoring.