closrr

Security & Compliance

Protecting your data is at the core of everything we build. Here's how we keep your information safe.

Certifications & Compliance

ISO 27001

Working Towards

We are actively working towards ISO 27001 certification, the international standard for information security management systems (ISMS). Our policies and controls are being aligned with ISO 27001 requirements.

SOC 2 Type II

Aligned

Our infrastructure and processes are aligned with SOC 2 Type II standards for security, availability, and confidentiality. We are preparing for a formal independent audit.

Cyber Essentials Plus

Certified

We hold Cyber Essentials Plus certification, the UK Government-backed scheme that demonstrates our commitment to cyber security best practices.

UK GDPR Compliant

Compliant

We comply fully with the UK General Data Protection Regulation and the Data Protection Act 2018, overseen by the Information Commissioner's Office (ICO).

Infrastructure Security

Encryption

AES-256 at rest, TLS 1.3 in transit

Access Controls

Role-based access, MFA enforced for all staff

Monitoring

24/7 intrusion detection and logging

Penetration Testing

Our platform includes built-in security scanning powered by Aikido Security, providing enterprise-grade penetration testing that supports SOC 2, ISO 27001, client security questionnaires, and investor due diligence. In addition, we conduct annual penetration tests through independent, CREST-accredited third-party security firms. Findings are remediated according to severity and timelines aligned with industry best practices.

Incident Response

We maintain a documented incident response plan that includes detection, containment, eradication, recovery, and post-incident review. In the event of a personal data breach, we will notify the ICO within 72 hours where required under UK GDPR, and affected individuals without undue delay where there is a high risk to their rights and freedoms.

Business Continuity

Our services are hosted on geographically distributed infrastructure with automated failover. We maintain regular backups with tested restoration procedures and a business continuity plan that ensures minimal service disruption.

Single Sign-On (SSO)

Enterprise SSO

Available on Request

We support SAML 2.0 and OpenID Connect (OIDC) for enterprise single sign-on integration. SSO can be configured with your preferred identity provider, including:

  • Microsoft Entra ID (Azure AD)
  • Okta
  • Google Workspace
  • Any SAML 2.0 / OIDC-compatible provider

To discuss SSO setup for your organisation, contact us at security@closrr.io and our team will work with you to configure it.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to security@closrr.io. We take all reports seriously and will respond within 48 hours.