Learn More About How We Keep Our Platform and Customers Data Safe and Secure

We take security seriously at PageUp, that’s why we’re certified to industry best practice frameworks and use best in breed technology to empower Security, learn more below.


PageUp's Unified Talent Management Platform is ISO 27001 Certified

Industry recognised and best practice to implement an effective Information Security Management System.

PageUp is certified to ISO/IEC 27001:2013. ISO 27001 is widely regarded as best practice for implementing an Information Security Management System and the most complete security guideline in existence.

Compliance to this standard is merely a byproduct, the real value for both PageUp and our clients is that we implement controls that are industry recognised and externally audited twice a year to verify their effectiveness and compliance to this standard.

The scope of PageUp’s ISO 27001 ISMS is key also, while many companies may just certify their homepage, or the HR Department, PageUp’s ISO 27001 Scope is across the entire Unified Talent Management platform, plus the development and support of that platform, giving our clients peace of mind.

View our ISO 27001 certificate, details and scope here.

Furthermore the environment that hosts the PageUp Unified Talent Management Platform maintains multiple certifications for its data centers, people and services. For more information about their certification and compliance status, please visit the AWS Security website and the AWS Compliance website.


Risk Management

No system is perfect, flaws, weaknesses and vulnerabilities will be found. Because of this, Risk Management across any SaaS or Technology platform is key. PageUp bases its Risk Management methodology on the international standard for Risk Management ISO 31000:2009.

PageUp uses a two-tiered approach for managing information security risk. Using a two-tiered approach allows for the periodic assessment of risks across the entire organisation, as well as ongoing day-to-day management of individual risks as they are identified.

Asset Risks

Asset Risks are annually identified and assessed at a high (strategic) level to determine the common risks across the entire PageUp environment. This risk assessment is used to determine a set of common security controls to be applied across the organisation. These security controls are defined in the PageUp information security policies. Risks in the asset risk register are reviewed on an annual basis and the set of common controls modified as required.

Tactical Risks

Any new risks identified throughout the year are entered into a tactical risk register and managed from there. These risks often relate to new systems, new threats (e.g. a new type of virus) or newly discovered vulnerabilities. These risks are reviewed at least quarterly with the Information Security Governance Committee (ISGC) to discuss progress or to agree that the risk has been either accepted or treated and can be closed.

Trusted Technical Partners



PageUp's solution is hosted on Amazon Web Services (AWS). AWS are highly compliant and maintain strong Security which PageUp are able to take advantage of immediately.



PageUp leverages Imperva Incapsula for WAF, IDS/IPS Protection technologies. It provides protection against all OWASP Top 10 threats, bad bot attacks, DDOS attacks, Vulnerability Scanners etc.



PageUp utilise Sophos Cloud Endpoint Protection on all staff machines and our Unified Talent Management Platform. It is a technique and behaviour based platform that updates in real time, meaning effective protection against zero-day threats.

Cloud Conformity

Cloud Conformity gives PageUp continual assurance and pro-active alerting across our entire AWS Infrastructure. It has over 300 checks that run multiple times per day across the 5 pillars of AWS Operational Excellence - Security, Reliability, Performance Efficiency and Cost Optimisation.

Visit Partner Site


PageUp send all email from the Unified Talent Management Platform from SendGrid. SendGrid offer all clients the ability to receive email to their internal infrastructure via end-to-end TLS. SendGrid and PageUp both fully support SPF, DKIM and DMARC for added Security.



Although PageUp have extensive logging and alerting via AWS Cloudwatch and Internal monitoring software, Pingdom allow us a separate 3rd party monitoring platform that shows insights in availability, performance and uptime.


SAI Global

SAI Global are the compliance and risk experts. They did the original ISO 27001:2005 Certification for PageUp when we first became certified in 2013, the upgrade to ISO 27001:2013 in 2015 and continue to do annual surveillance audits across the PageUp Unified Talent Management Platform, Development and Support.

BluePrint IS

PageUp engaged BluePrint IS before becoming originally certified to assist PageUp in the development of the ISMS to ensure it was correctly aligned and able to be certified with ISO 27001. We continue to use their services annually in the capacity as our Internal Auditor for ISO 27001:2013

Visit Partner Site
PaloAlto Duo

PaloAlto + Duo

Strong segregation between PageUp staff and the production environment is key to maintain secure access to client data. We use Palo Alto Authentication Policies with an additional layer of 2FA via DUO to provide locked down, time expiry (8 hours) based access to those users that require it.

Next DC Vocus

Next DC + Vocus

NEXT DC and Vocus allow PageUp to connect to our AWS Infrastructure, API’s and Consoles via secure, dedicated and private connections.



The very nature of Slack means that PageUp use it for many purposes, especially Security. We have a Security channel for Security talk and awareness around the business, Security Alerts channel to collate Security news, patches, vulnerabilities etc. Alerting channels to tell us when our providers may be having issues that will affect our clients and some shared channels with our key 3rd party providers for real time discussion.

Defense In-depth


Modern Browser

PageUp supports all modern browsers. No plugins, no software.


HTTPS Default

All connections to PageUp are sent over HTTPs using TLS 1.1 and above and on modern, secure cipher suites.



ADFS, OKTA, SAML, etc, whatever you use, we can implement SSO so setting new passwords is not required. Just use your work login for seamless login and ensure all passwords, timeouts etc match your internal policy requirements.



Industry Leading WAF, IDS, IPS, DDOS protection from Imperva Incapsula for all requests to PageUp’s Unified Talent Management Platform



Strong security policies across our Elastic Load Balancers, only accepting traffic from our WAF.


AWS Security Groups

Security groups setup on least privilege basis. Regularly and automatically reviewed for changes.


Client Segregation

Individual core DB per client. Hot/hot mirroring.


AWS Security

Strong physical and logical security controls around the hosting locations, trusted by PageUp and the worlds biggest and most security conscious companies.


HA Architecture

We regularly test and verify our Disaster Recovery plans and commitments to our clients with zero impact to clients given our Highly Available, Secure and Elastically Scalable infrastructure.


Network Segregation

We heavily segregate and protect our production environment from our offices. PageUp Office access to sensitive data is protected behind firewalls that require 2 Factor Authentication to access. This access expires every 8 hours and need to be repeated to re-establish access.

PageUp’s Information Security Governance Committee


Karen Cariss

CEO & Co-founder

mark rice

Mark Rice


tal rotbart

Tal Rotbart


brad barnett

Brad Barnett

Senior Technical Advisor

paul heasley

Paul Heasley

Technical Adviser

abhaya chauhan

Abhaya Chauhan

Senior Technical Advisor

joey condon

Joseph Condon

IT Manager

dayne nash

Dayne Nash

Chief Product Owner

david clarke

David Clarke

ISO Compliance & Security Officer

anna thorburn

Anna Thorburn

Legal General Counsel

Deborah Mason

Deborah Mason

SVP Global Talent

Anton Felich

Anton Felich

Technical Adviser


Jeremy Hearn

Security & Compliance Analyst

The Information Security Governance Committee (ISGC) actively support security within PageUp through clear direction, demonstrated commitment, explicit assignment and familiarity with all areas of the business including:

  • Provide security leadership & guidance
  • Oversee security operations at PageUp
  • Raise security awareness across PageUp
  • Create, update and enforce Security Policies
  • Evaluate security related feedback from the business
  • Identify, log, manage and mitigate/close Security Risks
  • Run the ISGC meetings, which discuss risks, feedback, improvements, policy updates, audit results etc.

Data Sovereignty

Data Sovereignty

As a client, you choose where you want your data to reside. AWS allows PageUp to run at a global scale, easily and securely.

PageUp has a number of data centers to offer clients, depending on their primary location or preference, please see below:

Client LocationPageUp Data Centre
Australia / New ZealandData is hosted in the Sydney AWS region.
ap-southeast-2a, ap-southeast-2b, ap-southeast-2c
Singapore / Hong Kong / China / Thailand / Malaysia / IndonesiaData is hosted in the Singapore AWS region.
ap-southeast-1a, ap-southeast-1b
USA / Canada / South AmericaData is hosted in the US, in the N. Virginia AWS region.
us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1e, us-east-1f
UK / EU / South AfricaData is hosted in the Ireland AWS region.
eu-west-1a, eu-west-1b, eu-west-1c

Searching location on map and pin above blue tone city scape and network connection, internet of things, satellite navigation system concept

Trusted By The Biggest


Let's chat about how we could help you get the best from your human capital

Book Demo