Security & Trust
Built for the procurement-team review.
Architecture, data protection, access control, compliance posture, vulnerability management, and disclosure — answered up front.
Architecture
- Multi-tenant isolation between MSP organisations and their managed tenants.
- Per-tenant Graph tokens minted on demand. No app-level standing privilege.
- GDAP-only access to customer tenants. Permissions live where they belong.
Data protection
- Encryption at rest and in transit on all customer data.
- Secrets stored in a managed secrets service. No plaintext credentials, ever.
- Sensitive Graph payloads redacted in logs and audit trails.
Access control
- RBAC with system and custom roles, scoped per tenant or tag.
- MFA enforced for all NTH Control Plane operators.
- Scoped, rotatable API keys with full audit logging of every action.
Compliance posture
- Cyber Essentials certified.
- GDPR-aligned data processing with DSAR support and DPA available.
- Data residency options for UK and EU customers.
Vulnerability management
- Automated dependency and secret scanning on every commit.
- SAST in CI with blocking gates on high-severity findings.
- Internal patch SLAs aligned to severity, with public disclosure if and when warranted.
Responsible disclosure
- Report findings to security@northerntechhub.com.
- We acknowledge within one business day and work with you collaboratively on a fix.
Need our security pack for procurement?
DPA, certifications, policies and more are available under NDA.