Shireburn Software prioritises fulfilling its commitments to clients by safeguarding the security, privacy, and accessibility of the Shireburn Indigo infrastructure.

Alongside hosting Shireburn Indigo on the Microsoft Azure Cloud infrastructure and integrating security measures into the software, we meticulously configure the environment to uphold these standards. Moreover, we periodically engage third-party specialist organisations to conduct impartial evaluations of our systems and infrastructure.

The ISO 27001:2022 standard serves to ensure the ongoing maintenance and enhancement of Shireburn's Information Security Management System. This certification underscores Shireburn's dedication to keeping our team abreast of the latest IT security risks.

By obtaining this certification, we affirm to our clients that the information we handle is managed with precision, safeguarding the confidentiality, integrity, and accessibility (CIA principle) of their data.

ISO 9001:2015 certification means that Shireburn's Quality Management System has met all stipulated criteria, guaranteeing that our products and services align with customer expectations and comply with statutory and regulatory standards.

Attaining this certification reflects our perpetual commitment to embracing innovative approaches, ensuring that the quality of our products and services consistently meets and exceeds both customer expectations and our internal benchmarks.

Penetration Tests are another type of security test consisting of reviewing the practices, software and settings, and any attempts to circumvent any security provisions in the infrastructure or the application software. The findings of these tests are reported to Shireburn Software which, if applicable, would modify any appropriate issues prior to a re-test being undertaken.

The most recent Penetration Test of the Shireburn Indigo environment was undertaken by BMIT Technologies Ltd between October and December 2025. The assessment followed the Penetration Testing Execution Standard (PTES) methodology and incorporated OWASP Top 10 testing practices. Semi-automated and manual techniques were used to evaluate the security of the target systems.

The test confirmed a mature security posture, with no critical or high-severity vulnerabilities identified. The application successfully resisted extensive automated and manual attack scenarios, reflecting strong development practices and robust protective measures. Considering the complexity and functionality of the platform, these results demonstrate a solid security foundation.

BMIT Technologies Ltd is a leading cybersecurity and IT services provider with extensive experience in penetration testing and security assessments. A certificate of successful testing was issued on 16th December 2025 and is linked below.