We hold an active ISO27001 certification with the accredited British Assessment Bureau. We are happy to supply our certification document on request.
Our Charts and Gantt SharePoint Framework (SPFx) solutions do not transfer any customer data outside of the customer tenant. This is illustrated in our architecture diagram and can easily be validated independently by inspecting the software's network traffic. Scripts are served via the Microsoft Azure CDN, and no external API endpoints are called from or by the software. Data manipulation is performed by native SharePoint functions and APIs; no external APIs or servers are required or used to process data.
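One way to carry out the independent validation mentioned above is to export a HAR capture from the browser's developer tools while the web part is in use and check the destination of every request. The following is an added example, not the vendor's code; the tenant hostname, the CDN hostname and the sample capture are constructed placeholders.

```javascript
// Added example: audit a browser HAR export for requests that leave the tenant.
// All hostnames and the capture below are constructed placeholders.
const ALLOWLIST = [
  "contoso.sharepoint.com",   // assumed customer tenant (exact match)
  "cdn.vendor.example",       // assumed script CDN endpoint (placeholder)
];

const SAMPLE_HAR = { log: { entries: [
  { request: { method: "GET", url: "https://contoso.sharepoint.com/sites/pm/_api/web/lists", bodySize: 0 } },
  { request: { method: "GET", url: "https://cdn.vendor.example/gantt/bundle.js", bodySize: 0 } },
  { request: { method: "POST", url: "https://telemetry.thirdparty.example/collect", bodySize: 182 } },
  { request: { method: "GET", url: "https://fonts.thirdparty.example/font.woff2", bodySize: 0 } },
  { request: { method: "GET", url: "data:text/plain,inline", bodySize: 0 } },
] } };

// An entry starting with "." matches any subdomain; anything else must match exactly.
function hostAllowed(host, allowlist) {
  return allowlist.some((entry) =>
    entry.startsWith(".") ? host.endsWith(entry) : host === entry);
}

// Returns one finding per network request whose host is not on the allowlist.
function auditHar(har, allowlist) {
  const findings = [];
  for (const { request } of har.log.entries) {
    let url;
    try { url = new URL(request.url); } catch { continue; } // skip unparseable URLs
    // Inline resources never touch the network; everything else is audited.
    if (["data:", "blob:", "about:"].includes(url.protocol)) continue;
    const host = url.hostname.toLowerCase();
    if (hostAllowed(host, allowlist)) continue;
    const bodyBytes = Math.max(request.bodySize ?? 0, 0); // HAR uses -1 for "unknown"
    findings.push({
      host,
      method: request.method,
      path: url.pathname,
      bodyBytes,
      // A request body or query string means data may have left the tenant.
      carriesData: bodyBytes > 0 || url.search.length > 1,
    });
  }
  return findings;
}

for (const f of auditHar(SAMPLE_HAR, ALLOWLIST)) {
  console.log(`${f.carriesData ? "REVIEW" : "note  "} ${f.method} ${f.host}${f.path} (${f.bodyBytes} body bytes)`);
}
```

Requests that the hosting SharePoint page itself makes to other hosts will also appear as findings, so review each one rather than treating the count as the result.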
Data does not cross any national borders; for example, it does not enter or leave the UK, US or EU. Data remains completely within the customer SharePoint tenancy.
As described above, with regard to the ListBurst and Modern Gantt solutions, there is no communication of customer data outside of the Microsoft 365 (SharePoint) tenant on which the software is installed. Additionally, this means that there are zero subprocessors for the purposes of GDPR legislation and we do not record or otherwise handle Personally Identifiable Information (PII).
We can provide a GDPR Data Processing contract to our European customers. Click here to download the template. Contact us to request signing of this contract.
We adhere to the policies set out in ISO27001 with secure development practices.
Our software deployment processes are fully automated and secured via private GitHub repositories and workflows. Developer code commits by our team are reviewed by a senior team member before consideration for a release.
Development and test environments are logically separated. Our production environments are again fully isolated, and accessible only by a select subset of team members.