Building best-in-class enterprise security at Ledgy

Our focus at Ledgy is helping companies and people achieve more together by making equity really work. Building trust with our customers has always been key to this mission. As we’ve scaled, we’ve continually revisited our core platform and services to ensure we remain at the cutting edge when it comes to security and privacy.

We’re proud that Ledgy offers a best-in-class set of technologies and processes designed to keep your critical data safe, and to empower large, complex organisations to do great work with minimal hassle. Let’s review some of the biggest recent milestones.

Enterprise security: the last 12 months

SOC 2 Type 2 compliance

We were pleased earlier this year to obtain the SOC 2 Type 2 information security standard. Adhering to SOC 2 Type 2 standards means that our processes and systems when it comes to handling customer data are robust and comprehensive. An external auditor assessed Ledgy’s platform and systems over a period of months, noting no exceptions to the standard.

You can find more information on our SOC 2 status here. A copy of our SOC 2 report is available under NDA on request.

Single Sign On (SAML-SSO)

We know our customers want to ensure their employees can access Ledgy simply, speedily and securely. That’s why this year we rolled out our SAML-based SSO functionality with SCIM provisioning, to help teams log in smoothly without a separate password. (For customers who do use passwords, we already offer two-factor authentication to keep logins secure.)

Ledgy’s SSO works with Azure, Google and Okta. Read about all our integrations, and learn how to set up SAML-SSO on Ledgy here.

Penetration testing

We conduct regular penetration testing (pentest) exercises with information security consultancy EAmmune. Our most recent pentest report (September 2023) confirms that Ledgy's application and infrastructure security is extremely robust with no critical, high or medium findings encountered.

EAmmune concluded that Ledgy’s app environment offers users and customers a high level of security. A copy of our pentest report is available under NDA on request.

Coming up: ISO 27001

We are working towards obtaining our ISO27001 certification, another indicator of the overall health and strength of our information security posture. We expect to formally attain ISO 27001:2022 certification in H1 2024.

Creating a secure environment for your equity data

All these recent improvements are built on top of strong foundations when it comes to web application security, including strong encryption, data governance and operational security. Providing high availability for our users is fundamental: we’re proud that our platform uptime in the last 60 days at time of writing (encompassing September and October 2023) was effectively 100%.

But we are not standing still, and we will continue to invest in delivering unparalleled security for the thousands of people and businesses that use Ledgy every day.

You can read a summary of our security and privacy policies here, and remember: you’re always welcome to speak to one of our experts who’ll be happy to tell you more.