Ensemble EHS
Enterprise-Grade Security

Security & Compliance

Your data security is our top priority. We maintain the highest standards of information security, privacy protection, and regulatory compliance.

Certifications & Compliance

Independently verified security and privacy certifications

ISO 27001:2022 (Information Security Management System): Certified, valid until December 2025

SOC 2 Type II (Security, Availability & Confidentiality): Certified, valid until June 2025

GDPR Compliant (General Data Protection Regulation): Compliant, validity ongoing

POPIA Compliant (Protection of Personal Information Act, South Africa): Compliant, validity ongoing

Security Measures

Comprehensive protection at every layer

Data Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive fields
  • Encrypted database backups

Access Controls

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Single Sign-On (SSO) via SAML 2.0
  • Biometric authentication for mobile

Infrastructure Security

  • AWS cloud infrastructure with dedicated VPCs
  • DDoS protection via Cloudflare
  • Web Application Firewall (WAF)
  • Regular penetration testing (quarterly)

Monitoring & Auditing

  • 24/7 security monitoring and alerting
  • Comprehensive audit logs (7-year retention)
  • Real-time intrusion detection
  • Automated vulnerability scanning

Compliance Frameworks

Standards we adhere to and maintain

1. ISO 27001:2022: International standard for information security management
   Applicability: All organizational processes and data handling

2. SOC 2 Type II: Trust service criteria for security, availability, and confidentiality
   Applicability: Cloud service operations and customer data processing

3. GDPR: EU data protection and privacy regulation
   Applicability: Processing of EU resident personal data

4. POPIA: South African personal information protection act
   Applicability: Processing of South African resident personal data

5. ISO 27701:2019: Privacy information management system extension to ISO 27001
   Applicability: Personal data processing and privacy controls

Security Incident Response

Our structured approach to handling security events

1. Detection (< 5 minutes): Automated monitoring systems detect potential security incidents in real time

2. Containment (< 15 minutes): Immediate isolation of affected systems to prevent the incident from spreading

3. Investigation (1-4 hours): Security team analyzes incident scope, root cause, and impact

4. Remediation (4-24 hours): Implementation of fixes, patches, and security improvements

5. Communication (< 72 hours): Notification to affected customers and regulatory authorities (if required)

6. Post-Incident Review (1 week): Lessons learned, process improvements, and preventive measures

Report a Security Vulnerability

If you discover a security vulnerability in our platform, please report it immediately to our security team. We take all security reports seriously and will respond within 24 hours.

PGP Key

We follow responsible disclosure practices and will work with you to understand and resolve the issue promptly.

Questions About Our Security?

Our security team is available to answer questions about our practices, certifications, and compliance frameworks.