Vulnerability Scanning
Stannp maintains a rigorous security testing program with continuous automated vulnerability scanning across all infrastructure and monthly assessments with automated alerting. Independent third-party penetration testing is conducted by specialist security firms and covers the OWASP Top 10 as a minimum standard, with all findings tracked to resolution. Critical vulnerabilities are resolved within 7 days, high severity within 14 days, and medium severity within 30 days.
Role-Based Access Control (RBAC)
Stannp implements comprehensive access controls across all systems using role-based access control (RBAC) with least privilege principles and mandatory multi-factor authentication. All users have unique accounts with no shared credentials, and all access is logged, monitored, and regularly audited. Customer data is completely segregated through multi-tenancy architecture, with customers maintaining granular control over their team's access through platform-based user accounts.
Industry-Standard Encryption
Stannp employs industry-leading encryption to protect all customer data. We use 256-bit AES encryption for data at rest and TLS 1.2/1.3 for data in transit, consistently achieving A+ ratings from Qualys SSL Labs. All cryptographic keys are securely managed through Azure Key Vault with strict access controls.
Audit Logs & Monitoring
We maintain comprehensive audit logs for all system access and data processing activities, providing complete visibility and accountability across our platform. Our Security Information and Event Management (SIEM) system monitors activities 24/7 with daily automated reviews and real-time alerts for security events. Logs are retained for 12 months and protected against unauthorised modification.
Release Testing
All applications are developed in-house with security built in from the ground up. We maintain complete environment segregation, mandatory peer code review, and comprehensive testing with PHPUnit or PEST and Azure DevOps before production deployment. Monthly security testing, regular penetration testing, and vulnerability scans ensure ongoing protection, while multi-tenancy architecture keeps customer data completely segregated.
API & Integration Security
Our API-first platform implements comprehensive security measures including token-based authentication, HTTPS/TLS encryption achieving A+ ratings, and intelligent rate limiting. All API activities are logged and continuously monitored through our SIEM system, with monthly vulnerability scans testing specifically for OWASP Top 10 threats.
Regionalisation & Data Residency
All UK customer data is stored exclusively within the European Economic Area (EEA) on Microsoft Azure's Ireland data centres, ensuring full compliance with UK GDPR requirements. We do not transfer data outside the EEA, maintaining complete data sovereignty with geographically separated backups across multiple server regions. Our 99%+ uptime SLA is supported by redundant systems distributed across EEA locations.
Azure Infrastructure Stack
Built on Microsoft Azure's Ireland-based data centres, our enterprise-grade security architecture protects customer data through multiple defence layers. We maintain separate virtual networks for complete environment segregation, role-based access control, and 24/7 SIEM monitoring with mandatory multi-factor authentication. All data in transit uses TLS 1.2/1.3 encryption (A+ rated), while data at rest uses 256-bit AES encryption. Comprehensive anti-virus and anti-malware protection with daily scans and real-time monitoring runs across all systems, integrated with Microsoft's global threat intelligence. All data remains within EEA boundaries, backed by a 99%+ uptime SLA. Monthly vulnerability scans, monthly penetration testing, and immediate malware isolation protocols ensure ongoing protection.
Service Monitoring & Availability
We operate 24/7 infrastructure monitoring through our SIEM system with daily automated reviews of comprehensive audit logs covering all system activities. Continuous monitoring tracks performance metrics, system health, and security events with real-time alerts for anomalies. Our 99%+ uptime SLA is supported by redundant systems across multiple server regions.
Backup & Recovery
Business-critical data is automatically backed up every 15 minutes, with daily full backups and weekly secondary backups, all stored in geographically separated EEA server regions. Backups are encrypted and retained for 30 days, with 12 months total retention, ensuring comprehensive recovery options. Recovery procedures are tested annually and documented to ensure rapid restoration capabilities.
Data Transfer Security
All data transfers use HTTPS/TLS encryption achieving A+ ratings from Qualys SSL Labs, with immediate encryption of uploaded data using 256-bit AES. Our API-first platform implements token-based authentication, rate limiting, and comprehensive logging, with all activities monitored through our SIEM system. Data is processed in segregated environments and stored exclusively within EEA boundaries.