Security

Security isn't a feature. It's the foundation.

Taking security and privacy seriously.

Knowa is used by boards and committees across UK pensions, charities, schools, and family offices. Security is designed into the platform from the start. Architected, certified, and continuously audited.

Certified · Aligned · Audited

The frameworks Knowa is built to.

ISO 27001: Certified
GDPR: Aligned
UK DPA 2018: Compliant
NIST CSF: Aligned
SOC 2: Aligned

Our posture

Every organisation using Knowa expects their data to remain private and protected.

We continuously strengthen Knowa to meet evolving security and cyber threats. Every organisation using our platform expects its data to remain private and protected, and we've built Knowa with that responsibility at its core.

Knowa is ISO 27001 certified and designed in alignment with GDPR, the UK Data Protection Act 2018, and the NIST Cybersecurity Framework.

While we don't disclose sensitive details about our defences, transparency matters. Below, we've outlined the key measures and standards that ensure Knowa remains a secure, compliant, and trusted environment for our clients.

01 Data Encryption
All user data is protected in transit and at rest. We use FIPS 140-2 certified AES-256 encryption at rest and TLS 1.3 in transit, with ECDSA and RSA signature algorithms. Encryption keys are managed under strict access controls and rotated regularly.
02 Server & Infrastructure
Knowa is hosted on tier-one cloud infrastructure with physical security, redundant power, and 24/7 monitoring. Servers are hardened to industry benchmarks with continuous patching, intrusion detection, and automated failover. Production, staging, and development environments are kept separate.
03 People & Access
All staff undergo background checks and sign confidentiality agreements before being granted access to production. Access follows least-privilege principles. Privileged access is reviewed quarterly and revoked immediately on role change. Staff receive annual security and data-protection training.
04 Logging & Monitoring
Every authentication, access, and administrative action is logged with tamper-evident timestamps. Logs are retained in immutable storage. Anomaly detection monitors for suspicious patterns. Security events escalate to on-call engineers with defined response times.
05 Development & Testing
We follow a secure software development lifecycle with mandatory peer code review, automated static analysis, and dependency vulnerability scanning. Independent penetration testing is conducted at least annually. Security fixes are prioritised by severity, with tracked remediation SLAs.
06 User Access & Authentication
Customers control their own users, roles, and permissions. Multi-factor authentication is available for all accounts. Single sign-on (SSO) is supported for enterprise customers. Session management, password policies, and account lockout are aligned to NIST guidance.
07 Custom Governance Controls
Administrators can configure permissions per workspace, per document, and per user. Sensitive records can be restricted to named individuals. A full audit trail is kept for every access, edit, download, and share. Data residency and retention policies are configurable to your organisation's requirements.

Request more detail

For auditors, CISOs, and security teams: we welcome the review.

For a detailed overview of our security posture, including our ISO 27001 Statement of Applicability, request access from security@knowa.co. We welcome security reviews from prospective clients, auditors, and partners.

Security you can stand behind. Governance you can stand on.

See how Knowa brings enterprise-grade security to every trustee meeting, charity board, and governing body.
