trust center

Data security and privacy

Woman working on a laptop with only her hands showing

Our approach to security and privacy

Secure Code Warrior is committed to safeguarding our information assets, and those of our customers, against misuse, abuse or compromise. Your data is important to us. Security and privacy standards are baked into our everyday processes throughout our organization. Learn how we secure the platform and your data.

View whitepaper

How we secure our products

Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.

Secure cloud

We host our services and data in AWS, leveraging AWS’ world-class data-centers and their security benefits, certifications, and US and EU locations.

secure practices

We utilize AWS’ well-architected framework to ensure the best possible security practices are implemented and followed.


We have threat detection enabled and actively respond to alerts and security incidents according to a predefined plan and process.


TLS 1.2 (or higher) is enforced for all communications to and from any endpoint, such as APIs or web servers. We leverage industry standard AES-256 encryption for data at rest.

vulnerability management

Our infrastructure and applications are continuously scanned for known vulnerabilities, which when identified are then managed according to our vulnerability remediation process.

Secure code training

Our software engineers are trained to understand and prevent the most common and severe vulnerabilities impacting software.

third party libraries

We continuously scan 3rd-party libraries for known vulnerabilities and work to resolve them according to our vulnerability remediation process.


We regularly engage expert third-parties to perform penetration tests in addition to our internal testing and scanning programs.


Changes to our products go through a series of security tests and assessments prior to being deployed, including SAST, DAST, and container vulnerability scanning.


Code is quality assured by peer review and using a test-based approach where our engineers include security test cases.

Single Sign-On

The Secure Code Warrior Learning Platform supports SSO, enabling organisations to extend their own authentication controls for staff accessing the Platform.

Role-based access control

Data access within Secure Code Warrior is governed by role-based access control (RBAC), with a limited number of roles.

SECURE ACCESS to production data

All access to production systems is strictly controlled with MFA being enforced. Access to production databases is further secured with ephemeral credentials.

Compliance, certifications and assessments

Our products are operated and hosted in AWS, utilizing their world-class security features and benefits. Secure Code Warrior has established a Product Security Framework that ensures our products protect your people and data.

Security and privacy resources

Below you will find a list of resources you can view to validate our security and privacy standards. Please note that some resources require an NDA. If you require these resources, kindly reach out to your account manager or e-mail our support team through the form below.

ISO 27001:2013

Secure Code Warrior is ISO 27001:2013 certified.
View certificate

ISO 27701:2019

Secure Code Warrior is ISO 27701:2019 certified
View certificate

The Information Security and Privacy Management Policy

Download policy

CAIQ Questionnaire

View certificate

SCW Pentest Summary Report

Available under NDA

Shared Assessment SIG Lite Questionnaire

Available under NDA

SCW Cyber Insurance Certificate

Available under NDA

FSQS-NL Certificate

Available under NDA

Platform Architecture Diagram

Available under NDA

Report a security vulnerability

If you are a security researcher or user of the Secure Code Warrior Learning Platform, and have discovered a potential security vulnerability we'd appreciate your help in disclosing it in a responsible manner and encourage you to let us know right away.

Responsible disclosure policy

Looking for something more specific?

Additional privacy and security documents are available upon request, but may require a mutual non-disclosure agreement to be completed. Please complete the form below and we'll be in contact with you to explore your request.

*Indicates mandatory fields.

We do ask a few questions so that we can better understand things, but know that your personal details are cared for like we would care for our own. Read our Privacy Policy for more info.

Thank you! Your request has been received!
Oops! Something went wrong while submitting the form.

Embrace developer-driven secure coding

Contact us today and make software security an intrinsic part of your development process.