Trust & Security.
Buyer evidence for procurement, technical assurance and operational confidence.
Current
Encryption posture
Encryption in transit and at rest, protected keys, tenant isolation and controlled access.
- TLS 1.3 for all endpoints
- AES-256 at rest (Azure Storage Service Encryption)
- Key Vault HSM for signing keys
- Tenant-per-database isolation
In flight
ISO 27001
Trust Center evidence, certification status, control summary and procurement pack.
- ISMS scope: Allodis platform and operations
- Stage 1 audit complete
- Stage 2 scheduled
- Control mapping available on request
Published
Sub-processors
Transparent sub-processor list, DPA, change notification and data residency overview.
- Azure (UK South primary, UK West DR)
- MongoDB Atlas (Azure-hosted)
- Stripe (PCI DSS Level 1)
- SendGrid (email delivery)
Architecture security
Defence in depth with network segmentation, WAF, DDoS protection and immutable audit logging.
- Azure Front Door with WAF rules
- Private endpoints for database access
- Application Insights for real-time monitoring
- Immutable audit trail with hash chain integrity
Operational security
RBAC, MFA enforcement, step-up authentication for sensitive operations and comprehensive audit.
- OIDC/OAuth 2.0 with PKCE
- Role-based access control (12 roles)
- MFA enforcement for all admin operations
- Session management with idle and absolute timeout
Downloadable Trust Pack
DPA, sub-processors, certification summary, security overview and data residency brief — available on request for procurement teams.