Security & Compliance

Security is not a page on our website; it is how the company runs. Because clients trust us with the platforms their businesses depend on, we treat our own estate as the first customer of every security practice we sell, and we hold that estate to recognised, published frameworks rather than our own definition of good.

The frameworks we work to

We run our information security programme to the structure of ISO/IEC 27001:2022, the international standard for information security management systems, and we map our controls to NIST Cybersecurity Framework 2.0. We maintain a control-by-control mapping of our practices against both frameworks as a living internal register, covering how we govern, identify, protect, detect, respond and recover.

Adopting these frameworks shapes practical decisions: how access is granted and revoked, how changes reach production, how incidents are handled and rehearsed, how suppliers are assessed and how documents are registered, versioned and reviewed. This page will grow into a series as we publish more detail on the individual practices.

Continuous monitoring and audit

Every core system in our estate connects to our security information and event management platform, built on Wazuh, the same managed SIEM we offer to clients.

Every login is logged. Authentication across our estate flows through centralised identity, and every sign-in, permission change and administrative action is recorded.

Sessions on our platform are audited. Activity within user sessions on the Node platform is logged and reviewable, so questions about who did what, and when, are answered from records rather than memory.

Syslog is centralised. Logs from across the estate stream to central collection, so events can be correlated in one place and cannot be quietly altered on the box that produced them.

The estate is registered. We keep an audit of every system we run: what it is, where it lives, who owns it and how it is monitored. The audit is reviewed as infrastructure changes.

The client namespace boundary

There is one deliberate exception to all of this monitoring: your namespace. Our session auditing covers the Node platform itself, not the inside of client environments. We do not watch what happens inside your tenant's applications unless you ask us to deploy that monitoring for you, in which case the same SIEM, logging and audit stack is installed for your benefit, reporting to you. Your workspace is yours; our visibility ends at the boundary unless you invite it in.

Threat management

Monitoring only matters if someone acts on it. Our SIEM correlates events across the estate, applies detection rules and threat intelligence, flags anomalies and raises alerts that our engineers triage and respond to. Vulnerability detection runs across our systems, patching is part of routine operations rather than a project, and file integrity monitoring watches the configurations that matter most.

The tools behind this

The stack that secures our estate is the stack we host for clients: Wazuh for SIEM and threat detection, Keycloak for identity and access with full authentication audit, Passbolt for credential management, and Zabbix with Grafana for infrastructure observability. We sell what we run, and we run what we sell. See the Node Platform for how this translates into each client's private tenant.