Applicaa Security
Safeguarding data is at the core of everything we do
Our approach to security is comprehensive, proactive and aligned with globally recognised standards. We are proud to be ISO 27001:2022 compliant, showcasing our commitment to maintaining a robust Information Security Management System (ISMS).
This page outlines the key measures we take to ensure the confidentiality, integrity and availability of data across our platform. From rigorous data protection policies and secure hosting infrastructure to stringent access controls, encryption practices and incident response planning, security is built into every layer of our operations.
Whether you're a customer, partner, or stakeholder, our Trust Centre provides transparency into how we protect your information, comply with GDPR, and continuously evolve our security practices to meet the highest standards.
1. ISO 27001:2022 Compliance & Trust Centre
Certification
  • We are ISO 27001:2022 compliant, demonstrating we have an established Information Security Management System (ISMS) that follows globally recognised standards.
  • This certification ensures systematic risk management, continuous security improvement, and adherence to robust policies that protect the confidentiality, integrity, and availability of information.
  • We have a defined process for responding to data incidents, supported by a documented incident response plan reviewed regularly as part of our ISO compliance. The process includes internal reporting, escalation to our DPO and product leaders, immediate investigation, logging, analysis, remediation, and reporting to the ICO if necessary. We have experienced no such data breaches within the last three years.
  • We have published our ISMS security policy, procedures, and controls in our Applicaa Trust Centre for easy access, providing a more detailed view of our security practices.
2. Data Protection & GDPR Compliance
Policies & Procedures
  • We have a comprehensive Data Protection Policy and GDPR Policy in place. These policies are readily available on our website and upon request to assist with any DPIA (Data Protection Impact Assessment) processes.
  • The privacy policy includes details on the specific information shared with subprocessors and the purpose of that sharing.
  • They are based on best-practice templates and align with regulatory guidelines (e.g., ICO Guidance).
3. Hosting & Physical Security
AWS Infrastructure
  • Our services are hosted on Amazon Web Services (AWS) in London.
  • AWS provides best-in-class cloud and physical security controls such as restricted physical access, video surveillance, and multi-factor authentication for data center personnel.
  • This robust infrastructure addresses the critical physical security concerns around server hardware and facilities, as well as service reliability.
4. Network & Application Security
Penetration Testing
  • We conduct annual penetration tests on our application and infrastructure.
  • Our penetration testing partner, Astra Security, is CREST approved, confirming that the testing meets recognised industry standards and covers critical vulnerabilities (including the OWASP Top 10).
Secure Development Lifecycle
  • We adhere to secure coding practices and perform code reviews to mitigate common vulnerabilities. This includes scanning code changes for security vulnerabilities before deployments.
  • Regular security assessments ensure ongoing alignment with best practices.
5. Authentication & Access Controls
2FA (Two-Factor Authentication)
  • We offer 2FA that schools can activate for staff and applicants.
  • This optional extra layer of security helps ensure only authorised individuals can access the system.
Brute Force Protection
  • We implement throttling for repeated failed login attempts. This prevents large-scale brute force attacks while avoiding unnecessary lockouts for legitimate users.
Admin Access
  • Administrative privileges are restricted to authorised Applicaa staff. Access to customer platforms is via company SSO.
  • Support staff have limited privileges for editing and exporting data.
  • Access to the AWS database is managed via VPN and MFA. Access is limited to specific engineers, and logging is in place.
  • Access to critical systems, including AWS, is reviewed regularly as part of ISO compliance.
  • All employees must complete regular security and GDPR training to stay informed on best practices for protecting personal and confidential data.
6. Data Security & Encryption
Encryption in Transit
  • All data transmitted between the platform and users is secured with HTTPS/TLS, protecting it from interception or tampering.
Encryption at Rest
  • Our databases and backups are encrypted using keys managed through AWS KMS.
  • Sensitive data (e.g., passwords) is stored using secure hashing and salting methods.
Multi-Tenant Architecture
  • Customer data resides in a shared database environment with separate schemas, ensuring logical segregation.
  • This structure simplifies backups, restores, and data exports while maintaining strict access control.
7. Backup, Disaster Recovery & Data Retention
Backup Frequency & Retention
  • We maintain point-in-time backups for the last 35 days to enable quick restoration if needed.
  • Beyond 35 days, periodic backups are retained for up to 2 years, allowing extended recovery options.
Storage Location & Encryption
  • Backups are stored securely in AWS.
  • All backup data is encrypted at rest using the same key management system as our production database.
Restoration & Testing
  • We regularly test our restore procedures to ensure minimal downtime in case of incidents.
  • Access to backups is limited to authorised personnel, with strict controls in place.
8. API Security
Secure Connection
  • Our MIS Integrations communicate with the MIS over HTTPS/TLS, providing end-to-end encryption.
  • API credentials are encrypted.
Data Handling
  • The integrations securely transmit data to the web API. There is no local storage of data beyond what is necessary for authenticated sessions.
  • All data transfer is protected in transit, ensuring confidentiality and integrity.