Secure by Design

Security is not an add-on at RegPass™. It is designed in from the ground up — across data, infrastructure, access, and deployment.

Data Isolation

Each tenant's data is strictly isolated. We do not commingle regulatory content, obligations, or audit trails across clients, and we never use client data to train shared models.

  • Tenant-level logical and physical data separation
  • Client data never used for model training or cross-tenant analytics
  • Configurable data residency — EU, UK, or US regions
  • Data retention and deletion controls aligned to your policy

Encryption

All data is encrypted in transit and at rest. Customers requiring additional control can bring their own keys.

  • TLS 1.2+ for all data in transit
  • AES-256 encryption at rest
  • Customer-managed encryption keys (BYOK) available
  • Secrets managed via a dedicated vault — no credentials in code

Access Controls

Least-privilege by default. Role-based access controls ensure users see only what they need, with every action logged and attributable.

  • Role-based access control (RBAC) with fine-grained permissions
  • SSO via SAML 2.0 / OIDC — integrates with your identity provider
  • Multi-factor authentication enforced
  • Immutable access logs and session audit trails

Infrastructure Security

Our cloud infrastructure follows defence-in-depth principles — network segmentation, hardened configurations, and continuous vulnerability management.

  • Private VPCs with network segmentation and egress controls
  • Automated vulnerability scanning and dependency management
  • Infrastructure as code with policy-enforced controls
  • Penetration testing and third-party security reviews

Deployment Options

RegPass™ meets you at your risk posture. From fully managed SaaS to private cloud and airgapped deployments, you control where your data lives and how models run.

  • SaaS — hosted, managed, and patched by RegPass™
  • Private cloud / VPC — deployed into your environment, your keys
  • Airgapped — fully offline, no external calls, on-premise where required
  • Hybrid configurations available for phased migration

Compliance & Certifications

We maintain rigorous internal controls and work towards recognised security certifications to give your security and procurement teams confidence.

  • GDPR-compliant data handling and processing agreements
  • ISO 27001 alignment (certification in progress)
  • SOC 2 Type II readiness programme underway
  • Supplier security questionnaires supported

Questions about security?

Our team is happy to walk through our security controls, answer questionnaires, or arrange a technical review.

Get in Touch