Security and data processing

As a compliance solution provider Logwise takes security and data privacy very seriously, ensuring the proper and safe processing of client and user data is one of our highest priorities. Our focus on security and privacy reaches all parts of Logwise from development of new functionality to all our operational commitments to clients.

Our processes and controls ensure that information is only available to users who have been given documented access to that information. Logwise is regularly audited by clients and independent third-party IT auditors are engaged annually to ensure the service we provide maintains industry accepted security and information processing standards.

Certifications and Compliance

Cyber Essentials Plus

In order to provide assurance that our systems and processes maintain acceptable security standards we are certified and independently audited for Cyber Essentials, a UK government backed IT security standard. Cyber Essentials Plus requires a device audit and auditor controls of other IT infrastructure to ensure that the organisation is protected from a host of attack vectors including malicious emails, network attacks, vulnerable software and malware execution. Read more about the certification and the technical controls.

GDPR & IASME Governance

Logwise takes all necessary steps to stay in compliance with GDPR both when we process data as a controller and when data processing is performed for our clients as a processor. As part of our compliance with the GDPR we hold a certificate of assurance with the IASME Governance Standard. (logo) The IASME governance standard is designed to support businesses to comply with the GDPR and data privacy aspects of the ISO 27001 standard. Read more about the certification process and the full IASME Governance Standard.

Automated Vulnerability Scanning

As part of our commitment to security it goes without saying that we have malware, virus and ransomware scanning in place on all our IT infrastructure. In addition to this we also perform automated vulnerability scans to identify software which could be used in a Cyber Attack such as older software versions, third-party libraries with security flaws and other software components which have known vulnerabilities. This allows us to quickly remediate potential security flaws before they can be exploited. All the program code that Logwise creates as part of the software service runs through a Static Application Security Test to identify potential vulnerabilities that can be exploited through our code.

Penetration Testing

We engage a third party security team to perform annual manual penetration tests in order to find security issues which cannot be found through our automated security scanning.