Security First

At People First, we understand how important data security is to you, your employees and your customers. That’s why we go to great lengths to make sure your information is safe with us.

We do this by carrying out a range of stringent security measures based on three fundamental pillars of data security: prevention, detection and assurance.


We’re certified and independently audited for ISO 9001:2015 and ISO 27001:2013. This means we meet all the requirements of these internationally renowned standards for quality management and information security. We also work in compliance with Cyber Essentials – a UK government scheme that encourages organisations to adopt data security best practices. On top of this, we’re working towards gaining our SOC2 Report, to be independently audited by KPMG.

Hosted on Azure

People First is hosted in Microsoft data centres using their super-secure Azure platform. This means you get industry-leading data centre security, threat intelligence and infrastructure security, including network-level intrusion detection and denial of service protection. System updates and patches are performed transparently by Microsoft, and data stores are configured to enable Transparent Data Encryption (TDE).

Software as a Service

People First is a Software as a Service (SaaS), which means rapid deployment, lower costs and zero maintenance. On top of this, our SaaS platform offers you piece of mind in terms of data security.

  • Sensitive data is encrypted using AES-256 in cipher block chaining (CBC) mode, with tenant-specific keys.
  • We use Role Based Access Control (RBAC) within applications to allow you to enforce least privilege and segregation of duties for your users.
  • We offer local data centres, allowing you to retain data sovereignty and reduce internal data transfer.

Software development

Data security is built into our software at every stage. Throughout the software development lifecycle, we carry out a number of security considerations and activities, including:
  • Source code security scans
  • Source code composition analysis to determine the risk in third-party components
  • Runtime application vulnerability scanning using various scanners
  • Penetration testing
  • HTTPS with TLS1.2 to ensure your data is protected in transit

A team of experts

Keeping everything ticking over is our team of security experts, who guarantee the highest standards are always met. It is their job to stay on top of developments in the data security world, reacting to changes and new threats to ensure that People First is always one step ahead of the game.