All systems operational

Security and trust built into everything.

Skyjed is built for regulated industries where data integrity, access control, and compliance aren't optional. Here's exactly how we protect your organisation.

SOC 2 Type II Certified
Security, availability & confidentiality
ISO 27001 Certified
Information security management
GDPR Compliant
EU & UK data protection
AWS GovCloud Hosted
Enterprise-grade cloud infrastructure
Pen Testing Annual
Independent third-party testing
Data security

Your data is encrypted, isolated, and yours.

Every piece of data in Skyjed is protected at rest and in transit, with strict tenant isolation ensuring no data is ever shared across customer environments.

✓ AES-256 encryption at rest
All data stored in Skyjed is encrypted using AES-256, the same standard used by financial institutions and government agencies globally.
✓ TLS 1.3 encryption in transit
All data transmitted between your browser and Skyjed's servers is encrypted using TLS 1.3, the current industry standard for secure transport.
✓ Strict tenant isolation
Each customer environment is fully isolated at the data layer. Your data is never commingled with another organisation's data, and cross-tenant access is architecturally impossible.
✓ Automated backups with point-in-time recovery
Data is backed up continuously with point-in-time recovery capabilities. In the event of an incident, your data can be restored to any point within the retention window.
✓ Data residency options
Enterprise customers can specify data residency requirements: Australia, EU, and UK regions are supported. Your data stays where your regulators expect it.
✓ Data deletion on request
When a customer relationship ends, data is deleted in full within 30 days. We provide written confirmation of deletion on request.
Infrastructure overview (Live)
Cloud provider: Amazon Web Services (Active)
Hosting regions: AP-Southeast, EU-West, US-East
Encryption at rest: AES-256 (Enabled)
Encryption in transit: TLS 1.3 (Enforced)
Tenant isolation: Database-level (Active)
Backup frequency: Continuous + daily snapshots
PITR window: 35 days
DDoS protection: AWS Shield Advanced (Active)
Vulnerability scanning: Continuous automated + annual pen test
Uptime SLA (Enterprise): 99.9% (Guaranteed)
Access control

The right people see the right things.

For regulated industries, access control isn't just a security feature; it's a compliance requirement. Skyjed gives you granular control over who can view, edit, approve, and audit every asset in your portfolio.

Single Sign-On (SSO)
Connect Skyjed to your existing identity provider: Okta, Azure AD, Google Workspace, and others. Enterprise-only. Enforced across all users with no exceptions.
Role-based permissions
Define exactly what each role can see, edit, approve, and export. Viewer, contributor, reviewer, approver, and admin roles, all fully configurable to your org structure.
Multi-factor authentication
MFA is supported across all plans and enforced by default on Enterprise. Authenticator apps, SMS, and hardware keys are all supported.
Full access audit logs
Every login, permission change, data access, and administrative action is logged with timestamp, user identity, and IP address. Immutable and exportable on request.
Session management
Configurable session timeouts and automatic logout after inactivity. Administrators can terminate active sessions remotely, which is useful for offboarding and incident response.
Idle timeout: configurable 15 min to 8 hrs · Force logout: admin-controlled
IP allowlisting
Enterprise customers can restrict platform access to specific IP ranges, ensuring Skyjed can only be accessed from approved office networks or VPNs.
Available on Enterprise plans · Configurable per environment
Controlled data export
Data export permissions are managed separately from view permissions. Administrators can restrict which roles are permitted to export asset data, reports, and audit trails.
Export logs retained for 12 months · Available for compliance review
Regulatory compliance

Built for industries where compliance is non-negotiable.

Skyjed is designed specifically for organisations operating under regulatory frameworks. We support the compliance obligations of our customers and meet our own.

APRA
Australian Prudential Regulation
CPS 511, SPS 515, and product governance obligations for Australian financial institutions and superannuation funds.
FCA
UK Financial Conduct Authority
Consumer Duty, product governance, and fair value obligations for UK-regulated firms and product manufacturers.
DORA
Digital Operational Resilience Act
ICT risk management and operational resilience requirements for EU financial entities under DORA.
GDPR / UK GDPR
Data Protection
Full compliance with EU and UK GDPR. DPA available on request. Data processing agreements executed with all sub-processors.
EU Product Act · ESPR
Ecodesign for Sustainable Products Regulation
Skyjed supports compliance with ESPR product lifecycle, documentation, and traceability requirements, giving manufacturers a structured environment to manage the obligations the regulation creates.
EU DPP
EU Digital Product Passport
The Digital Product Passport mandates end-to-end product lifecycle tracking, structured data collection, and traceability across the supply chain. Skyjed's Asset Register, lifecycle tracking, and evidence collection capabilities are purpose-built for exactly these requirements.
Why this matters for Skyjed customers

The EU Product Act and Digital Product Passport aren't just compliance obligations; they're a structural shift in how products must be documented, tracked, and evidenced across their entire lifecycle. Organisations that already manage their products in Skyjed are significantly better positioned to meet these requirements than those relying on spreadsheets or disconnected systems.

✓ Data Processing Agreement (DPA)
A signed DPA is available for all customers. It details how Skyjed processes personal data on your behalf and the obligations of each party under applicable data protection law.
✓ Sub-processor register
A complete and current list of all sub-processors is maintained and available on request. Customers are notified of any changes with an appropriate notice period.
✓ Standard Contractual Clauses
Where data is transferred outside of the EU or UK, Standard Contractual Clauses are in place to ensure appropriate safeguards are applied.
✓ Right to erasure and portability
Data subject rights requests are handled within statutory timeframes. Data can be exported in standard formats and deleted in full on request.
✓ Privacy by design
Data minimisation, purpose limitation, and privacy-by-default principles are applied across all product development. A privacy impact assessment process is embedded in the engineering workflow.
Reliability

99.9% uptime. Because downtime in regulated environments has consequences.

Skyjed is built on a multi-region, highly available infrastructure designed to stay operational even under degraded conditions. Enterprise customers receive a contractual uptime SLA with defined remedies.

✓ Multi-region failover
Skyjed operates across multiple AWS availability zones. If one region experiences an issue, traffic fails over automatically with no manual intervention required.
✓ Scheduled maintenance windows
Planned maintenance is scheduled outside of business hours in your timezone and communicated with at least 72 hours notice via email and the status page.
✓ Real-time status page
All incidents, degraded performance events, and maintenance windows are published in real time at status.skyjed.com. Customers can subscribe to alerts by email or webhook.
✓ Incident response SLA
Critical incidents are acknowledged within 15 minutes and resolved or mitigated within 4 hours. A full post-incident report is published within 72 hours.
Platform uptime, last 12 months (all regions combined): 99.96% rolling 12-month average
[Uptime chart; legend: Operational, Degraded performance (resolved)]
Enterprise uptime SLA: 99.9% guaranteed
RTO (recovery time objective): 4 hours
RPO (recovery point objective): 1 hour
Critical incident response: 15 min acknowledgement
Responsible disclosure

Found a vulnerability? We want to hear from you.

Skyjed operates a responsible disclosure programme. If you've identified a potential security issue, please report it directly to our security team; we take every report seriously and respond promptly.

How to report
1. Email our security team
Send details of the potential vulnerability to security@skyjed.com. Include steps to reproduce and any supporting evidence you have.
2. We acknowledge within 24 hours
Our security team will confirm receipt within 24 hours and provide an initial assessment of severity and likely timeline for investigation.
3. We investigate and patch
Critical vulnerabilities are patched within 72 hours. We'll keep you updated throughout the process and notify you when the fix is deployed.
4. Recognition
With your permission, we acknowledge security researchers who responsibly disclose valid vulnerabilities on our public security acknowledgements page.
In scope
✓ Authentication and session management vulnerabilities
✓ Cross-tenant data access or isolation failures
✓ Privilege escalation and authorisation bypasses
✓ Injection vulnerabilities (SQL, XSS, SSRF)
✓ Sensitive data exposure in API responses
security@skyjed.com
FAQ

Security questions we hear from procurement and InfoSec teams

Can we conduct our own security assessment or penetration test?

Yes. Enterprise customers can request permission to conduct penetration testing with advance notice. We require a scoping agreement and at least two weeks notice.

Where is our data stored and can we specify the region?

Customer data is stored in the region closest to the primary user base. Enterprise customers can specify Australia, Ireland, or US East.

Does Skyjed have access to our data?

Staff access is restricted to authorised engineers with formal access requests and manager approval. All access is logged and audited quarterly.

What happens to our data if we leave Skyjed?

You have a 30-day export window. After that, data is deleted from production within 30 days and backups within 90 days.

Is Skyjed compliant with APRA CPS 234?

Skyjed aligns with APRA CPS 234 requirements. We can provide documentation for your own assessments.

How are security incidents communicated?

We notify affected customers within 72 hours. Enterprise customers also receive direct contact from their customer success manager.

Security documentation available

Questions for your InfoSec or procurement team?

We provide a full security documentation pack on request, including our SOC 2 report, penetration test summary, DPA, and sub-processor register.