Security and Compliance at Theorem Solutions

Theorem Solutions maintains an ISO 27001 compliance certification and a Cyber Essentials Plus certification.

Data Protection

Data at Rest

All of Theorem Solutions computers and servers are full disk encrypted using at least 256-bit AES encryption.

Data in Transit

TLS 1.2 or higher is utilised everywhere data is transmitted over potentially insecure networks.

Product Security

Pen Testing & Application Security

Theorem Solutions engages with an external ISO 27001 accredited company that carries out automated penetration testing on our external network and our TheoremXR web application on a regular basis.

Vulnerability Scanning

Theorem Solutions internal systems undergo regular vulnerability scans with any findings being tracked and remediated within the time frames specified in our IT policies.

Enterprise Security

Endpoint Protection and Monitoring

All corporate devices are centrally managed and equipped with device management software and anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. Device management software is used to enforce secure configuration of endpoints, such as disk encryption, screen lock configuration, and software updates.

Secure Remote Access

Theorem Solutions secures remote access to internal resources using a modern VPN platform that requires MFA.

Security Awareness Training

All new Theorem Solutions employees undergo mandatory security awareness training during their company induction. In addition, security awareness training and emails are delivered to all staff on a regular basis.

Identity and Access Management

Theorem Solutions employees are assigned a unique user account and are granted access to data based on their role. Further access to data is subject to a strict approval process and is controlled via our IT support ticketing system.