Platform Security Overview
Invite others in your organisation, or accounting partners, to collaborate on specific sections of your claim. Our robust role-based authorisation ensures sensitive financial and pay details are only accessible to named individuals.
We support multi-factor authentication for all users and require it for users who access sensitive financial and pay details. We encourage the use of industry-best-practice OTP authenticator apps but also support SMS based 2FA.
To help protect user accounts and company information we’ve implemented industry best practices for user passwords by enforcing a level of complexity, preventing the use of common passwords and locking accounts after a number of failed login attempts.
All web traffic to and from our platform is encrypted by default and our encryption certificate rates A+ using the Qualys SSL Labs test (the highest possible rating).
Our platform is subject to third-party, CREST approved penetration testing and vulnerability audits.
We use technology partners who put security at the front and centre. Our platform runs on Heroku which is an ISO 27001, 27017 and 27018 accredited platform.
We also make extensive use of Amazon’s Web Services (AWS) which is an ISO/IEC 27001:2013 accredited platform. All servers that process and store customer data are in the EU.
EmpowerRD is a Cyber Essentials (NCSC UK) compliant business.