Home | Security and Compliance

Security & Compliance

Centranum is designed for organizations that require strong security and compliance – data protection, auditability, and enterprise-grade access controls. The platform supports regulated, safety-critical, and compliance-driven environments across healthcare, government, manufacturing, utilities, and professional services.

Table of Contents

Certifications & Assurance

SOC 2 Type II

Centranum maintains independent third-party assurance in accordance with the SOC 2 Type II framework.

Centranum has successfully completed two independent SOC 2 Type II audits, demonstrating the design and operating effectiveness of its security controls.
The audited control environment remains in place, with no material changes since the most recent audit period.
Centranum is currently undergoing a further SOC 2 Type II audit, with an updated report expected later in the year.
SOC 2 documentation is available to customers and prospective customers under NDA.

Data Protection & Isolation

Centranum is architected to minimize data exposure and prevent cross-customer access.

Per-client database isolation — each customer operates within a logically isolated database
No shared customer data tables across tenants
Logical separation of environments (development, staging, production)
Encryption in transit using industry-standard TLS protocols

Access Control & Auditability

The platform provides granular control over who can access data and what actions they can perform.

Role-based access control (RBAC)
Configurable permissions by role, module, action and organizational entity
Support for complex organizational hierarchies (e.g. regions, business units, subsidiaries)
Full audit trail of user actions, changes, and assessments
Evidence tracking for competency, performance, and compliance workflows

Hosting & Infrastructure

Centranum operates across multiple enterprise-grade hosting environments to support regional requirements and resilience.

Hosting environments – Centranum supports multiple deployment models to meet customer requirements, including cloud-based deployments, on-premises installations, and region-specific hosting where required.:
Segregated development, staging, and production environments to support controlled development, testing, and release processes.
Regular operating system and dependency updates
Controlled, script-based deployment processes
All environments (production, staging, and development) are subject to continuous monitoring and alerting, with defined operational procedures supporting availability and incident response.

Backup & Disaster Recovery

Centranum maintains automated backup and recovery procedures to support business continuity.

Automated backups across regions
Data encrypted at rest with access controls
Cross-region redundancy where applicable
Tested restoration procedures
Typical recovery capability within a few hours, depending on data volume and region

Privacy & Data Usage

Centranum is designed to respect customer data ownership and privacy requirements.

Customers retain ownership of all data and content uploaded to the platform
Practices aligned with GDPR and applicable regional data protection regulations
Customer data is not used to train public or shared AI models
AI-assisted features operate only on customer-authorized data within their environment

Use in Regulated Environments

Centranum supports organizations operating in regulated and compliance-driven contexts.

Suitable for healthcare, government, utilities, and safety-critical industries
Does not require storage of PHI unless explicitly configured by the customer
Supports audit-ready evidence, traceability, and role-based validation workflows
Enables separation between training records, competency assessment, and performance processes where required

Security Enquiries

For security questionnaires, compliance documentation, or additional technical details, please contact us via the Centranum contact page.