Platform Security Overview

Our Platform

Complete Control

Invite others in your organisation, or accounting partners, to collaborate on specific sections of your claim. Our robust role-based authorisation ensures sensitive financial and pay details are only accessible to named individuals.

Multi-factor Authentication

We support multi-factor authentication for all users and require it for users who access sensitive financial and pay details. We encourage the use of industry-best-practice OTP authenticator apps but also support SMS based 2FA.

Password Security

To help protect user accounts and company information we’ve implemented industry best practices for user passwords by enforcing a level of complexity, preventing the use of common passwords and locking accounts after a number of failed login attempts.

Traffic Encryption

All web traffic to and from our platform is encrypted by default and our encryption certificate rates A+ using the Qualys SSL Labs test (the highest possible rating).

Security Audits

Our platform is subject to third-party, CREST approved penetration testing and vulnerability audits.
 

Our Partners

We use technology partners who put security at the front and centre. Our platform runs on Heroku which is an ISO 27001, 27017 and 27018 accredited platform.

We also make extensive use of Amazon’s Web Services (AWS) which is an ISO/IEC 27001:2013 accredited platform. All servers that process and store customer data are in the EU.
 

Our Business

EmpowerRD is a Cyber Essentials (NCSC UK) compliant business.