Legal

Security

Last updated: January 2026

Programme

ComplyIT365 runs its own ISMS mapped to ISO 27001 and SOC 2 — using ComplyIT365 itself.

Data in transit

TLS 1.3 across all endpoints. HSTS enforced.

Data at rest

AES-256 encryption. Customer data isolated per tenant.

Access control

Zero-standing-access. Least-privilege enforced by SSO + hardware keys internally.

Disclosure

Report vulnerabilities to security@complyit365.io — we honour a 90-day disclosure timeline.