Compliance

This page describes our information security posture and compliance.

Infrastructure

All our infrastructure is hosted on Azure data centers in the UK which are certified for SOC 3, ISO 27001, FedRAMP and many other standards.

Security monitoring is performed by Microsoft Defender for Cloud.

Engineering

Code is developed in a secure manner. A partial list of secure coding techniques used includes:

• Static and dynamic code analysis using multiple tools
• Weekly check of published CVEs
• Using frameworks that enforce parametrized queries to prevent SQL injection attacks
• Using frameworks with built-in protection against cross-site scripting vulnerabilities
• Monitoring of code stability in production
• Digital signing of production code to prevent tampering
• Code reviews
• Penetration testing (internal and external)

Vulnerability reporting resources

• How to report a vulnerability
• Security.txt

Security grades

Qualsys SSL Labs

• app.powermapper.com A+
• www.powermapper.com A

Mozilla Observatory

• app.powermapper.com A+
• www.powermapper.com A+