ISO 27001 Alignment
A public summary of how selected current practices map to ISO/IEC 27001-style controls.
1. Overview
ISO/IEC 27001 is a framework for managing information security risk through policies, controls, review, and continual improvement. We use ISO 27001 concepts as a reference point when thinking about access control, logging, credential handling, and related operational safeguards.
2. Certification Status
The purpose of this page is narrower: to describe areas where our current implementation shows alignment with security practices commonly associated with ISO 27001.
3. Current Control Areas
Examples of controls evidenced in the current codebase and internal control notes include:
- Role-based access control and workspace-scoped authorisation checks
- OTP and password authentication flows with rate limiting
- Structured logging with redaction of passwords, tokens, OTP values, and auth headers
- Audit trails for a range of critical operational actions
- bcrypt password hashing and encrypted storage for certain external-service tokens
- Schema validation and guarded error handling on many application routes
4. Scope Limits
We do not claim on this page that we have a fully documented and independently audited ISMS, a complete Annex A implementation, formally tested business continuity metrics, or a completed certification programme.
Where customers need more specific evidence, security documentation should be requested through the commercial or support process rather than inferred from this public page alone.
5. Ongoing Improvement
We continue to refine controls, tighten public claims to match reality, and identify gaps through internal audits, code review, and operational feedback. Any future certification effort, if pursued, will be described separately once formally achieved.
6. Contact
For security-documentation or ISO-alignment questions, contact:
Security and Support Contact
Sahayogi One Private Limited
Email: support@sahayogione.com