Security
Encryption, access controls, certifications — protecting your project data at every layer.
1.1 Data Encryption
PlanOps implements industry-standard encryption to protect your construction project data:
- Data at rest: AES-256 encryption for all stored data, including project documents, drawings, and reports
- Data in transit: TLS 1.3 encryption for all communications between your browser, our servers, and integrated CDEs
- API communications: All API endpoints secured with HTTPS and authenticated tokens
- Database encryption: Encrypted database connections with key rotation policies
1.2 Access Controls
Robust access management ensures only authorised personnel can access your data:
- Multi-factor authentication (MFA): Required for all user accounts, supporting authenticator apps and SMS verification
- Role-based access control (RBAC): Granular permissions at project, organisation, and document levels
- Single Sign-On (SSO): SAML 2.0 integration with enterprise identity providers including Microsoft Entra ID and Okta
- Session management: Automatic session timeout after periods of inactivity, with configurable policies
- Audit logging: Complete audit trail of all user actions, document access, and system changes
1.3 UK Infrastructure
All PlanOps infrastructure is hosted within the United Kingdom:
- UK data centres: Primary and backup infrastructure located in UK regions, ensuring data sovereignty
- No international data transfers: Your project data never leaves UK jurisdiction without explicit consent
- Tier 3+ data centres: Physical security including biometric access, 24/7 monitoring, and redundant power systems
1.4 Security Certifications & Roadmap
PlanOps is committed to achieving and maintaining industry-recognised security certifications:
| Certification | Status | Target Date |
|---|---|---|
| Cyber Essentials | In Progress | Q1 2026 |
| Cyber Essentials Plus | Planned | Q2 2026 |
| ISO 27001:2022 | Roadmap | 2027 |
Cyber Essentials is a UK Government-backed scheme that helps organisations protect themselves against common cyber attacks. Certification demonstrates our commitment to baseline security controls including firewalls, secure configuration, user access control, malware protection, and patch management.
Founder experience: PlanOps founder Ian Yeo previously led Operance to successful ISO 27001 certification, maintained through to acquisition in 2025. This hands-on experience with information security management systems informs PlanOps's security-first approach and certification roadmap.
1.5 Penetration Testing & Vulnerability Management
- Regular penetration testing: Annual third-party penetration testing by CREST-accredited security firms
- Continuous vulnerability scanning: Automated scanning of infrastructure and application code
- Patch management: Critical and high-severity vulnerabilities (CVSS 7+) patched within 14 days per Cyber Essentials requirements
- Responsible disclosure: Security researchers can report vulnerabilities to security@planops.ai
Need more details?
Download our security documentation or speak with our team.