Security & Compliance

Some of the world’s largest businesses trust us to keep their data safe and compliant with regulation

Rest assured - your data is secure

Best practice

Duco is ISO 27001 certified for best practice in information security management and audited twice a year for SOC 2 compliance by a “big four” audit firm. We impose strict standards on our data centres and audit them annually.


All Duco servers are full-disk encrypted using 256-bit AES, the standard used by governments for top-secret documents. Communications are encrypted using TLS and our servers are not accessible from the internet. VPN and leased line connectivity are also available.

"Shared nothing" architecture

Our systems offer various levels of segregation guarantees, from a database per client to physical servers dedicated to individual clients. Duco makes it impossible for your data to get “mixed up” with other firms’ data.

Access control & audit

Duco has built-in access control and audit functions. Fine-grained permissions lock down what users can do with data. All actions taken by users are retained in an online audit log for seven years.

Business continuity & backup

All Duco applications run “hot” in two separate physical locations. Disaster recovery is immediate. Result data produced by Duco is backed up and archived for up to ten years.


Duco is being used on five continents by firms subject to a variety of regulatory regimes, such as the UK Financial Conduct Authority (FCA), German BaFin or US SEC/CFTC. We understand what it takes for you to be compliant when using SaaS.


Need to know more about our security policies and practices?