Security You Can Stand Behind
GetCybr holds itself to the same standard we help vCISO practices deliver for their clients.
ISO 27001 In Progress
AES-256 Encryption
GDPR Compliant
99.9% Uptime SLA
Our Security Posture
Every layer of the GetCybr platform is built with security as the default, not an afterthought.
Data Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Control
Role-based access control, MFA enforcement, SSO/SAML support.
Data Residency
Choose EU, US, or self-hosted deployment. Your data stays where you need it.
Penetration Testing
Annual third-party pen tests. Vulnerability disclosure programme available.
Compliance Posture
We invest in third-party validation so your clients can trust the infrastructure underpinning their security programme.
ISO 27001 (In Progress)
We are pursuing ISO 27001 certification, targeting completion in Q4 2026. Our information security management practices are being aligned with ISO 27001 controls during this period.
GDPR Compliant
We are fully GDPR-compliant. Data subject rights, lawful processing, and data protection by design are core to how we operate.
HIPAA-Ready Architecture
For healthcare-adjacent deployments, our architecture supports HIPAA-compliant configurations with appropriate BAA agreements.
Responsible Disclosure
We take the security of our platform and our partners' data seriously. If you have discovered a vulnerability in GetCybr, we ask that you report it to us responsibly. We commit to acknowledging your report within 48 hours, keeping you informed of our progress, and recognising your contribution once the issue is resolved.
Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We will not take legal action against researchers who identify and responsibly report vulnerabilities in accordance with this policy.
To report a vulnerability, contact us at security@getcybr.com
Questions About Our Security Posture?
Our team is happy to walk you through our security controls, compliance certifications, and data residency options.