Overview
Reportl operates a business risk approach to the controls which are implemented, and a risk treatment plan is documented and reviewed quarterly. There is a documented methodology for assessing risks and deciding levels of acceptable risk.
The management team at Reportl is committed to ongoing review and improvement, to reduce the risk of security incidents and ensure continued contractual and legal compliance. A system is maintained for the setting and review of objectives for the continual improvement of the ISMS.
To ensure that all staff, customers and third parties are aware of the company’s ISMS, and their specific responsibilities within it, this policy is communicated to all parties with awareness training as required.
The Reportl Board is committed to support the management of information security at all levels and ensures the necessary resources are available.
Our information security policy is available upon request.
Security certification
Reportl is ISO 27001 certified.
Latest certification audit: 20 June 2025.
Data compliance
General Data Protection Regulation and Information Commissioner’s Office
Security protections
Where is Reportl hosted?
Reportl’s system and data is hosted on Tier III and IV servers across multiple locations in secure EU hubs to create server redundancy. Reportl’s servers are located in Finland and Germany. In addition to Reportl's ISO27001 certification, our hosting service provider is also independently ISO27001 certified.
How is Reportl's data secured?
Reportl operates a highly secure server environment protected by the latest digital security protections.
These protections include:
- Ports closed in and out, using strict firewall policies.
All server communication channels are end-to-end SSL encoded.
All data is encrypted by SSL/TLS1.3.
DDoS and WAF protection - Cloudflare.
User access is protected by secure login with two-factor authentication (2FA) using a token code.
Reportl stores user credentials securely and monitors privileged sessions.
Server infrastructure only accessed via secure VPN, not available to access publicly.
- Published reports hosted on separate servers from the Reportl system and database.
Twice-yearly independent pen testing and security audits.
All server components are continuously updated, security updates are immediate.
Does Reportl employ server monitoring?
Reportl's data instances are continuously monitored across 60 server and application level parameters, including checks for disk, server load, memory usage, network traffic, CPU usage, database, web server stack elements, running processes and server application components health.
Live monitoring also checks Reportl application specific services, for example login and data load. On any suspicious change or outage, our monitoring service immediately alerts our DevOps team, which is on duty 24/7/365 to respond and ensure business continuity and uptime.
View live server status at status.reportl.com.
Does Reportl provide secure login?
Yes, users’ access is protected by secure login with two factor authentication (2FA) using a token code. To enable this protection, users must set up their 2FA with the Google Authenticator app.
Can Reportl restrict user access to data?
Yes. Project data is only accessible to approved project contributors with login and permissions set by the project administrator. Data and content cannot be accessed by any user outside the approved project team.
Approved project team members may be members of the team at the reporting entity, and at their service provider (e.g. reporting design team, audit firm, copywriter, technical developers, etc.)
