At Legado, the security of platform data is our highest priority.

A comprehensive risk tracker maps information asset risks back to a series of internal controls.

The principle of least privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possibly have to be able to still perform their roles.

Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to ensure that we protect against common attack vectors.
Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone. Access to the live system is available only to a small number of people. Any access is done via secure channels.

Legado Technologies limited are certified to ISO27001 and this certification is the global standard for effective information management. It helps organisations avoid potentially costly security breaches. ISO 27001-certified organisations can show customers, partners and shareholders that they have taken steps to protect data in the event of a breach.