Infrastructure & Platform Security
We host our entire infrastructure in ISO 27001 certified data centres located within the United Kingdom, so your data stays within UK jurisdiction and remains fully compliant with UK data protection regulations. Our platform operates on SOC 2 Type II compliant infrastructure, ensuring adherence to the industry's most stringent security standards. All data is encrypted both at rest and in transit, and all backups are fully end-to-end encrypted. We secure all client-server communications using TLS 1.3, ensuring data remains encrypted in transit. You can verify this yourself by checking for the 'lock' symbol and the 'https' prefix in your browser's address bar.
Application Security
Our web application implements enterprise-grade security measures, including automatic DDoS protection, a Web Application Firewall (WAF), SQL injection prevention through parameterised queries, secure authentication and session management, and encrypted data transmission via HTTPS/TLS.
Data at Rest Encryption
All database content is encrypted using AES-256. File storage systems employ encryption at rest by default. Backup data is encrypted using industry-standard protocols.
Data in Transit Encryption
All communications are secured with TLS 1.3 encryption. API endpoints are exclusively accessible via HTTPS. End-to-end encryption is implemented for all data transfers.
Access Control
We implement strict access controls to protect your data: multi-factor authentication (MFA) is available for all accounts; role-based access control (RBAC) limits data access to authorised personnel only; all administrative actions are logged and monitored; and access permissions are audited regularly. Our employees only have access to data as required for operational and customer support purposes. We vet all individuals with data access and ensure they follow strict data handling protocols.
Backup & Disaster Recovery
We maintain comprehensive backup and disaster recovery procedures to ensure the continuity and safety of your data. All data is automatically backed up daily, with 7-day retention, in encrypted UK data centres. Our infrastructure operates across multiple availability zones with automatic failover for the application layer. In the unlikely event of a system failure, we maintain a Recovery Time Objective (RTO) of 24 hours and a Recovery Point Objective (RPO) of 24 hours: restoration is typically completed within hours, and the maximum data loss window is one day. We regularly test our backup restoration procedures to ensure rapid recovery capability. Our platform benefits from enterprise-grade infrastructure reliability, with 24/7 automated monitoring and established incident response procedures.
Data Minimisation
We adhere to strict data minimisation principles: we only collect the professional contact details necessary for service delivery; training records are retained solely for compliance purposes; we do not collect unnecessary personal data; and we maintain clear retention and deletion policies aligned with legal requirements.
Data Segregation
We maintain strict data segregation as part of our multi-tenant platform architecture: customer accounts are completely isolated, no data is shared between organisations, and each customer's data remains entirely separate and secure. Third-party access is strictly limited to essential operational requirements. We never use customer data for commercial purposes. Data access is limited solely to maintaining system operations and providing customer support.
Continuous Monitoring
Our infrastructure benefits from 24/7 system monitoring and automated threat detection, real-time security alerting, performance and availability monitoring, and regular security log analysis.
Incident Management
We maintain robust incident response procedures: defined escalation procedures for security events, a commitment to timely breach notification as required by law, post-incident analysis and improvement processes, and regular testing of incident response plans.
Security Standards
Our platform benefits from infrastructure that maintains SOC 2 Type II certification (demonstrating rigorous security controls) and ISO 27001 certification (ensuring comprehensive information security management), undergoes regular third-party security audits, and is subject to continuous compliance monitoring. These certifications are maintained by our infrastructure providers and undergo regular independent verification.
Security Enquiries & Updates
For security-related enquiries or to report a security concern, please contact: contact@legionellalogbook.com. This security statement is reviewed and updated regularly. We notify clients of any significant changes to our security practices. Last Updated: 1st November 2025. Version: 1.0