At Legado, the security of platform data is our highest priority.

Global leaders trust Legado with their most sensitive data


Zero-trust security controls

Our zero-trust architecture approach ensures the safe communication of documents, with strong user authentication with SSO and MFA support, device security, and information rights management with vector-based watermarking.
You also get seven user-friendly permissioning roles, device trust, and application controls. Every file is encrypted using AES 256-bit encryption at rest and in transit.

Our Security Procedures, Protocols and Techniques

We adopt the following processes:


Comprehensive risk tracker

A comprehensive risk tracker maps information asset risks back to a series of internal controls.


The principle

The principle of least privilege is applied throughout the organisation. This is the limiting of access to the minimal level that will allow normal functioning. Staff have the lowest level of user rights that they can possibly have to be able to still perform their roles.


Regular tests

Regular penetration tests are carried out to ensure that the system is protected against vulnerabilities, and we use best practices and open standards to ensure that we protect against common attack vectors.
Notably, we use the OAuth 2.0 and OpenID Connect standards to enable token-based authorisation for all our internal services, ensuring that we don’t rely on perimeter security alone. Access to the live system is available only to a small number of people. Any access is done via secure channels.


ISO27001 Certified

Legado Technologies limited are certified to ISO27001 and this certification is the global standard for effective information management. It helps organisations avoid potentially costly security breaches. ISO 27001-certified organisations can show customers, partners and shareholders that they have taken steps to protect data in the event of a breach.


Protecting your data

All documents and data stored with Legado are encrypted and stored in secure UK-based servers maintained by Microsoft Azure (unless otherwise specified or an alternative hosting arrangement has been agreed).

Microsoft is an industry leader, being the first to achieve compliance with the ISO27018 cloud privacy standard and well over 50 certifications and attestations: more than any other major public cloud provider.

Bring digital engagement to life.

Speak with our team today