Skip to main content
Enterprise Security

Built for Industries Where Security Is Non-Negotiable

TestCert is designed for aerospace, oil & gas, pressure vessels, and pharmaceutical sectors where data integrity, traceability, and compliance are mandatory — not optional.

SOC 2 Type II

Annual audit — security, availability, confidentiality

GDPR

EU General Data Protection Regulation compliant

ISO 27001

Information security management system (in progress)

TLS 1.3 / AES-256

Industry-standard encryption in transit and at rest

Security Architecture

Every layer of TestCert is designed with security-first principles to protect your critical materials data.

Encryption in Transit & at Rest

All data is encrypted with TLS 1.3 in transit and AES-256 at rest. No certificate data is ever transmitted in plain text.

SOC 2 Type II

TestCert undergoes annual SOC 2 Type II audits covering security, availability, and confidentiality trust service criteria.

GDPR Compliant

We comply with GDPR requirements. Data residency options are available. Personal data is handled with explicit consent and minimal retention.

Immutable Audit Logs

Every action — upload, validation, approval, export — is logged with a tamper-proof audit trail. Logs cannot be altered or deleted.

25-Year Document Retention

Mill test certificates and certificates of conformance are retained for 25 years, meeting aerospace, oil & gas, and pressure vessel compliance requirements.

Role-Based Access Control

Granular RBAC ensures users only access data relevant to their role. Tenant isolation prevents cross-organisation data access.

AWS Infrastructure

TestCert runs on AWS with multi-AZ redundancy, automated backups, and optional AWS GovCloud deployment for regulated industries.

Penetration Testing

Independent third-party penetration tests are conducted annually. Critical findings are patched within 24 hours.

Responsible Disclosure

If you discover a security vulnerability in TestCert, please report it responsibly. We commit to acknowledging reports within 24 hours and resolving critical issues within 72 hours.

Report a Vulnerability