Cappfinity is Committed to Security and Compliance

Cappfinity is committed to high standards of compliance, security, and accessibility across our solutions, services and products. Cappfinity’s comprehensive governance approach is designed to minimize risk to our customers by adhering to compliance guidelines and maintaining the confidentiality, integrity, and availability of the data entrusted to us. Cappfinity’s approach to compliance, security, and accessibility supports our mission to Strengthen the World. Maintaining confidentiality, integrity and availability of your data is as important to us as it is to you.

ISO27001:2013 – information security

ISO9001:2015 – quality assurance

ISO27701:2019 – data privacy

Cyber Essentials Plus



All customer solutions are subject to annual penetration testing by an independent 3rd party with CREST-qualified security testers

Secure by design

Customer data and services are hosted through Microsoft Azure, and our services are load-balanced and replicated across multiple data centers. Microsoft Azure data centers and services are subject to industry-standard compliance measures such as SOC1, SOC2 and SOC3

All data in transit or at rest is encrypted to industry standards – a minimum of TLS1.2 in transit and AES256 at rest

Data is replicated across data centers and data backups are safely and securely stored offsite to enable point-in-time recovery 

Web application firewalls and DDoS protection

Security and vulnerability scanning and alerting across the infrastructure, applications, and databases 

Data protection – you are the data owner, and Cappfinity will apply a data retention policy that works for your business 

Single sign-on support – Cappfinity supports industry-standard identity providers, such as SAML, AAD, OpenID, so that your users can SSO to Cappfinity

Cappfinity Team

All Cappfinity employees complete security training every 2 weeks to maintain and improve security awareness and knowledge for all.

We also ensure that all Cappfinity suppliers adhere to industry-leading security controls and certifications, and are subject to company checks.