
GOAT’s Information Security 

We know information security is critical and we take this very seriously. Our systems are compliant with ISO 27001 controls; ISO 27001 is globally recognised as the leading standard for information security management. GOAT Risk™ is also compliant with System and Organisation Controls Trust Service Principles (SOC TSP), Payment Card Industry Data Security Standards (PCI DSS), and Azure Centre for Internet Security (CIS) 1.1.0 controls.

Protecting your data

GOAT is hosted on Microsoft Azure’s cloud platform and benefits from its knowledge, resources and suite of scanning and security tools. GOAT has added the protection of the Azure Front Door service, whose features include a Web Application Firewall (WAF) and protection against Distributed Denial of Service (DDoS). The data is stored in Microsoft’s UK data centres (UK South and UK West locations). Billing details reside with and are protected by 3rd party payment processing company Stripe.

Behind the systems

GOAT is a small company, which means only a core team of trusted senior employees have access to the system and data. Whilst we benefit from an offshore 3rd party development partner with scalable resources, we keep them in a separate environment and they do not have access to the system or the data. We conduct annual 3rd party penetration tests as well as our own Information Security Risk Assessment, where we consider our risk appetite to go beyond minimum expectations by investing in security.

Technical details

  • Daily security scans including patch management
  • Source code analysis tool used before deployment to User Acceptance Testing (UAT) and Production environments
  • Data transferred between users and GOAT are encrypted by Secure Sockets Layer (SSL) in transit and at rest
  • Access controls by client down to risk level
  • Single factor authentication with minimum password controls
  • User passwords are encrypted
  • Separation of development, testing and production environments
  • Client data saved only in production environment
  • Access controls and users managed by your Administrator, though risks and risk profiles can be locked by owners.

Data Privacy Policy

Suspicious activity

If you detect any suspicious activity or have any questions, please contact
