Security - Placecube

At Placecube, we understand that security is not a feature—it is the foundation of trust. We provide digital platforms that handle sensitive data for millions of citizens and stakeholders. Our "Security by Design" philosophy ensures that every line of code we write and every cloud environment we manage meets the highest international standards for integrity, availability, and confidentiality.

Our security pillars

Security by Design
We integrate security into the earliest stages of our development lifecycle. By utilising a "Shift Left" approach, we identify and mitigate vulnerabilities long before code reaches a production environment.

Proactive Defense
Our infrastructure is monitored 24/7. We employ automated threat detection, real-time alerting, and regular penetration testing to stay ahead of an ever-evolving global threat landscape.

Total Transparency
We believe in clear communication. From our vulnerability disclosure policies to our uptime reporting, we provide our clients with the visibility they need to feel confident in their digital estate.

Our credentials

We hold ourselves to the most stringent independent standards to ensure your data is managed responsibly.

Standard	What it means for you
ISO27001	Our Information Security Management System (ISMS) is independently audited to ensure global best practices in data protection.
Cyber Essentials Plus	We have undergone rigorous technical verification to protect against the most common cyber threats.
GDPR	Privacy is baked into our platforms, ensuring all citizen data is processed in strict accordance with UK and EU law.

Platform security features

As experts in Liferay DXP and AWS, we leverage the native security strengths of these world-class technologies:

Identity & Access Management (IAM): Granular, role-based access control and Multi-Factor Authentication (MFA) to ensure only authorized personnel touch your data.
Data Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+) using industry-standard protocols.
Automated Patching: Our managed services include automated vulnerability scanning and security patching, ensuring your platform is never exposed to known "Day Zero" vulnerabilities.
DDoS Protection: Leveraging AWS Shield and advanced firewall technology to ensure your services remain online even during sophisticated volumetric attacks.

Vulnerability disclosure policy

We maintain a responsible disclosure program. If you believe you have discovered a security vulnerability in a Placecube service, we encourage you to contact our security team immediately at security@placecube.com. We investigate all reports promptly and work transparently to resolve any valid issues.

Frequently asked questions

Where is our data stored?

Most Placecube solutions are hosted within the AWS UK region (London) to ensure data sovereignty and compliance with local regulations, though we can accommodate specific regional requirements for global clients.

How often do you perform penetration testing?

We conduct comprehensive third-party penetration tests at least annually, with additional targeted testing performed after any significant architectural changes. We also perform automated vulnerability scanning against all of our platforms on a weekly basis.

Do you have an Incident Response Plan?

Yes. Placecube maintains a robust Incident Management Framework that defines clear communication channels, escalation paths, and recovery procedures to minimise impact in the event of an anomaly.

Security & Compliance

Frequently asked questions