Security & data protection

Security and data protection, by design

Synap is ISO/IEC 27001:2022 certified, GDPR compliant, and built on hardened, resilient infrastructure. Your data stays yours — never sold, shared, or used to train AI.

Independently verified

  • ISO 27001

    Certified to the 2022 standard

  • GDPR

    Compliant, plus global privacy laws

  • 99.9%

    Uptime SLA

  • EU & US

    Regional AWS hosting

Certifications

Certified, and continuously monitored

Synap holds ISO/IEC 27001:2022 certification for our Information Security Management System, independently audited with annual surveillance audits. We use Vanta to monitor our security controls continuously, not just at audit time.

Certified scope
“The development, operation and support of the delivery of the Synap online assessment platform.”

Request our ISO certificate, penetration test summary, policies and more from the Trust Center.

Data ownership

Your data is yours. Full stop.

You keep full control of your content and candidate data. Synap is a processor acting on your instructions — nothing more.

  • You own everything

    All content and candidate data on your portal belongs to you, and never to Synap.

  • No secondary use

    We never sell or share your data, and we never use it to train AI models.

  • Residency, export & deletion

    Keep data in the EU or US, export it at any time, and request erasure on demand.

Compliance & privacy

Built for global data-protection law

GDPR is our primary framework, and our data-protection practices are designed to meet its equivalents worldwide. For education customers, we support FERPA obligations.

  • GDPR (EU)
  • UK GDPR & DPA 2018
  • CCPA / CPRA (US)
  • PIPEDA (Canada)
  • POPIA (South Africa)
  • LGPD (Brazil)
  • Australian Privacy Principles
  • FERPA (US education)

A Data Processing Agreement is available on request, and we keep a deliberately limited, vetted list of subprocessors.

Infrastructure & resilience

Hardened infrastructure, engineered to stay up

Synap runs on AWS with a security-first architecture and the resilience to handle exam-day peaks.

  • AWS, EU & US regions

    Hosted on Amazon Web Services with regional options in the EU and US.

  • Network isolation & hardened runtimes

    Private VPCs and NAT gateways keep systems off the public internet, on minimal, regularly patched runtimes.

  • Encrypted in transit & at rest

    TLS 1.2+ in transit and AES-256 at rest.

  • 99.9% uptime SLA

    A 99.9% SLA as standard, with automated scaling for high concurrency and enhanced SLAs for critical periods.

  • Backups & redundancy

    Continuous backups with tested restores, across multiple availability zones and regions.

  • 24/7 monitoring & insurance

    Round-the-clock automated monitoring, backed by worldwide business and cyber insurance.

Track live availability on our status page. View status

Security practices

How we build and operate securely

The controls behind the platform. Full detail is available in our Trust Center.

Access

  • Single Sign-On (SAML, OIDC, JWT, ADFS)
  • Enforced MFA and strong password policies
  • Role-based, least-privilege access
  • IP allowlisting and audit logs

Testing & monitoring

  • Independent penetration testing (OWASP Top 10)
  • Continuous vulnerability scanning
  • Prioritised, tracked remediation

Secure development

  • Peer code review
  • Automated dependency and code scanning
  • Least-privilege deployments

People & response

  • Staff security training and background checks
  • Documented incident response and breach notification
  • Responsible disclosure programme

Looking for exam security?

Looking for exam security?

This page covers platform security

Everything here is about how we protect your data and run the platform — infrastructure, compliance, access and resilience.

Visit our Trust Center

Securing individual exams

For the controls that keep a specific exam fair and cheating-free — lockdown, proctoring, randomisation, passcodes and more — see assessment security.

Explore assessment security

Security review

Running a security or procurement review?

Send us your security questionnaire, or book a call and we will walk your IT and compliance teams through our certifications, hosting and controls.

FAQs

Security and data-protection questions, answered

Find quick answers or browse our academy .

Can't find your answer?

Confidence for your security and compliance teams

Book a security review, or explore our Trust Center for certifications, policies and controls.

Certified & independently rated

ISO 27001 Certified