Legal
Security
Last updated: January 2026
Programme
ComplyIT365 runs its own ISMS mapped to ISO 27001 and SOC 2 — using ComplyIT365 itself.
Data in transit
TLS 1.3 across all endpoints. HSTS enforced.
Data at rest
AES-256 encryption. Customer data isolated per tenant.
Access control
Zero-standing-access. Least-privilege enforced by SSO + hardware keys internally.
Disclosure
Report vulnerabilities to security@complyit365.io — we honour a 90-day disclosure timeline.