Security

Practical controls. Clear responsibilities. Verifiable processes.

EnRep workflow

Overview

EnRep is built with a security-first approach covering application, infrastructure, and operational controls. We design for least privilege, data minimisation, and auditability.

Data protection and privacy

  • UK GDPR and Data Protection Act 2018 aligned processing.
  • Roles are defined contractually. EnRep Limited acts as a processor for client data; clients act as controllers.
  • Company details: ENREP LIMITED, Company No. 14458466. Registered Office: 11 Defender Court, Hylton Riverside Enterprise Park, Sunderland, United Kingdom, SR5 3PE.
  • Data subject rights are supported via the controller. A Data Processing Addendum (DPA) is available on request.

Data segregation

  • Per‑tenant separation at application and database level (client‑scoped databases and identifiers).
  • Code paths enforce tenant scoping on all reads and writes.

Encryption

  • In transit: HTTPS (TLS) for application access.
  • At rest: backups are encrypted. Production replication uses secure transport.
  • Passwords are not stored in plaintext.

Authentication and access control

  • Role‑based access control across administrative and surveyor functions.
  • Session‑based authentication.
  • A two‑factor authentication mode setting is available for all admins.

Application security

  • Prepared statements for database operations.
  • Input validation and output encoding are applied to reduce injection and XSS risk.
  • Dependencies are maintained and updated routinely.

Backups and disaster recovery

  • Real‑time mirroring is configured.
  • Recovery Point Objective (RPO): 4 hours.
  • Recovery Time Objective (RTO): 24 hours.

Availability and performance

  • Capacity planning based on active surveyors and inspection volume.
  • Maintenance windows are communicated in advance.

Vulnerability management

  • Routine dependency updates and security patches.
  • Secure coding standards and code review for changes.

Incident response

  • Triage, containment, eradication, and recovery are documented internally.
  • Customer notification follows contractual and legal obligations.
  • Post‑incident reviews track corrective actions to completion.

Compliance information

  • UK GDPR / DPA 2018 aligned
  • Data residency: United Kingdom
  • DPA available on request
  • 2FA: Client controlled optional security layer

Contact

Data protection enquiries:

  • ENREP LIMITED
  • Contact Form
  • 11 Defender Court, Hylton Riverside Enterprise Park, Sunderland, United Kingdom, SR5 3PE

Responsible disclosure

Report suspected vulnerabilities via the Contact Form, including reproduction steps. We will acknowledge and respond promptly.