Audit-ready from day one

Security that scales with your duty of care.

ISO 27001 certified, UK data residency, and every regulatory framework you need — mapped, tracked, and exportable.

Regulatory frameworks

0-bit

AES encryption at rest

Platform uptime SLA

Data breaches ever

01 Certifications

Accredited, certified, assured.

ISO 27001

Information security management — independently audited every 12 months.

Cyber Essentials+

NCSC-approved. Re-assessed annually, with internal scans quarterly.

UK GDPR

DPO appointed. Data stays in the UK. Full DPIA support for enterprise clients.

NHS DSP Toolkit

Standards Met for NHS and health-adjacent deployments.

G-Cloud 14

Direct procurement for UK public sector. Pre-approved T&Cs and pricing.

SOC 2 Type II

In progress — attestation expected Q3 2026.

02 Frameworks

Every regulatory framework, mapped.

Golden Thread of information, mandatory occurrence reporting, Safety Case Reports, and duty-holder responsibilities — all pre-configured for higher-risk buildings.

FRAs, FRA actions, fire door quarterly checks, external wall assessments — structured against the Responsible Person duties.

Risk assessments, method statements, accident reporting, RIDDOR integration. Full audit trail of who did what, when, and why.

Principal designer tracking, lifting equipment inspections, PUWER assessments, and COSHH substance registers — all in one place.

Processor contract templates, Data Processing Agreement, DPIA workflow, and subject access request handling.

Personal Emergency Evacuation Plans for residents requiring assistance, with quarterly review scheduling.

03 Infrastructure

How we keep your data safe.

UK data residency

All data stored in AWS eu-west-2 (London). No transfers outside the UK, ever. Full right-to-erasure tooling.

AES-256 at rest

Every file, database row, and backup encrypted with AWS KMS keys. TLS 1.3 in transit.

SSO & MFA by default

Okta, Azure AD, Google Workspace SAML. Passkeys and hardware key support. MFA mandatory for all admin accounts.

Penetration testing

Annual CREST-accredited pen test. Continuous bug bounty. All critical findings published in our trust report.

Disaster recovery

RPO 15 minutes, RTO 4 hours. Multi-AZ replication. Monthly failover drills.

Trust centre

Live security posture at trust.cloud-safe.uk — status page, pen test summaries, and all certificates.

Free 30-day trial

Stop chasing paperwork. Start proving compliance.

Join 400+ safety teams who trust CloudSafe to keep their buildings — and their people — on the right side of the law.

Start free Book a demo