Compliance at hurdle
Our systems regularly undergo verification by a third party, validating and testing their privacy, security, and compliance against global certifications, attestations or audits.
This page lists our current compliance certification, here you will find certificates, links to third party audit reports and much more relating to how hurdle complies with global standards and our focus on transparency.
Our approach to security is based around the following three pillars:
- Meet the requirements of our customers in relation to cloud security regulations.
- Be transparent to ensure we are held to a higher standard.
- Continually improve our offering with security being our priority.
As a result, please see below a list of accreditations and an insight into our methodologies that support the above three pillars.
Our application is regularly penetration tested by a CREST accredited provider, our pen-test certificate can be provided at request.
An international standard for the accreditation of information security within an organisation, published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). ISO27001 provides a framework to enable an Organisation to implement an effective Information Security Management System (ISMS) which covers technical, legal and physical protective measures and controls. The main aim of this standard is to protect the integrity, confidentiality and availability of data. ISO27001 involves being independently audited on an annual basis.
Learn more here ISO/IEC 27001
You can download our certificate here ISO 27001 Certificate
Cyber Essentials and Cyber Essentials Plus
A UK government scheme supported by the NCSC (National Cyber Security Centre) and administered by the IASME (Information Assurance for Small and Medium Enterprises) Consortium, Cyber Essentials, and Cyber Essentials plus are accreditation frameworks that covers security controls employed by an organisation. Cyber Essentials is designed to ensure an organisation has Cyber Security measures in place. Cyber Essentials plus involves an external audit to validate the security measures that have been put in place.
Learn more here Cyber Essentials – NCSC.GOV.UK
You can download our certificate here Cyber Essentials Plus Certificate
CSA Cloud Security Alliance – STAR Registry
Founded in 2013 by the Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.
View our registry listing here: CSA Star Registry
Crown Commercial Supplier
hurdle is a registered Crown Commercial Supplier and is on the Government Cloud framework.
The Open Web Application Security Project® (OWASP)
We regularly monitor and test our software using the OWASP Top Ten list, using our modern secure software development process, we are able to identify and prevent vulnerabilities using common methodologies.
Learn more here OWASP Top Ten | OWASP Foundation