Security

Security you can show your auditors

Financial data requires the highest standard of protection. Lumio360 is built with security as a design constraint, not an afterthought.

Certifications & compliance

SOC 2 Type II (pending confirmation)
ISO 27001 (pending confirmation)
GDPR
UK GDPR

Security practices

Data encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed separately from encrypted data.

Access controls

Access is role-based with least-privilege enforcement. Multi-factor authentication is available for all accounts. SSO support is available on request.

Audit logging

Every action in Lumio360 — journal posts, approvals, logins, exports — is logged with timestamp, user, and IP address. Logs are immutable and retained for 7 years.

Infrastructure

Lumio360 is hosted on leading cloud infrastructure with redundancy across availability zones, with a 99.9% uptime SLA.

Penetration testing

Independent penetration testing is conducted annually. Findings are remediated before the next release cycle.

Data residency

Responsible disclosure

If you discover a security vulnerability in Lumio360, please report it to security@lumio360.com. We will acknowledge reports within 48 hours and aim to resolve critical issues within 7 days.