Get 10% off GOAT RM ToolkitTM with vouchercode LINKEDIN10. Offer end 31 May

GOAT’s Information Security 

We know information security is critical and we take this very seriously.  Our systems are compliant with ISO 27001 controls which is globally recognised as the leading standard for information security management.  GOAT Risk™ is also compliant with System and Organisation Controls Trust Service Principles (SOC TSP), Payment Card Industry Data Security Standards (PCI DSS), and Azure Centre for Internet Security (CIS) 1.1.0 controls.

Protecting your data

GOAT is hosted on Microsoft Azure’s cloud platform and benefits from knowledge, resources and suite of scanning and security tools.  GOAT has implemented the added protection of using the Azure Front Door service which includes a suite of features including its Web Application Firewall (WAF) and protection against Distributed Denial of Service (DDoS).  The data is stored in Microsoft’s UK data centres (UK South and UK West location).  Billing details reside with and protected by 3rd party payment processing company Stripe.

Behind the systems

GOAT is a small company which means only a core team of trusted senior employees have access to the system and data.  Whilst we benefit from an offshore 3rd party development partner with scalable resources, we keep them in a separate environment and they do not have access to the live system or client data.  We conduct 3rd party pentration tests after major releases or annually as well as conducting our own Information Security Risk Assessment.

Technical details

  • Daily security scans including patch management and activity alerts
  • Source code analysis tool used before deployment to User Acceptance Testing (UAT) and Production environments
  • Data transferred between users and GOAT are encrypted by Secure Sockets Layer (SSL) in transit and at rest
  • Separation of development, testing and dual instance production environments
  • Client data backed up for 30 days
  • Client data is not replicated in testing and UAT
  • Single or two factor authentication available with minimum password controls
  • User passwords are encrypted
  • Access controls and users managed by your Administrator, though risks and risk profiles can be locked by owners.
  • Access controls by client down to risk level

Data Privacy Policy

Suspicious activity

If you detect any suspicious activity or have any questions, please contact

Scale risk with confidence