Privacy and security at the core of Sedex

We are certified to global ISO standards that reflect our commitment to protecting data across the Sedex platform – every day, for every member.

Our standards

Sedex manages large volumes of sensitive supply chain data. We take that responsibility seriously – ensuring both privacy and security are embedded into our platform and our processes.

We are certified to the following international standards:

  • ISO/IEC 27001:2022 – Information Security Management
  • ISO/IEC 27701:2019 – Privacy Information Management

These certifications confirm that Sedex operates under structured, independently audited controls to manage and protect data – from system design to user access, from encryption to compliance.

What this means for you

Whether you are a Buyer, Supplier or both, you can be confident that your information is handled with care. With ISO 27001 and ISO 27701 in place, Sedex ensures that:

  • Personal and business data is protected by strong access controls, encryption, and logging
  • Your data is handled responsibly – not just securely
  • Data handling policies align with GDPR and other privacy regulations
  • Risk management, incident response, and accountability are built into our processes
  • Our systems, teams, and third parties follow strict privacy and security standards

A culture of privacy by design

These certifications reflect more than checklists – they are part of our everyday approach to how Sedex builds, tests, and delivers the platform.

We take a privacy-by-design approach in:

  • Service development
  • Vendor onboarding
  • Internal data access
  • Platform updates and architecture decisions

This helps Sedex stay aligned with evolving legal and regulatory standards, while keeping our systems safe, resilient, and compliant.

What privacy by design means

We design and operate the Sedex platform with security at its core. It’s hosted on AWS, backed by strong operational controls, and delivered through a robust CI/CD pipeline to ensure fast, secure, and reliable updates.

This approach is backed by the following platform controls:

  • Encryption at rest and in transit
  • High availability and fault tolerance
  • Continuous monitoring and alerting
  • Regular vulnerability scans and penetration testing
  • Automated deployments via CI/CD
  • Role-based access controls
  • Regular patching and system updates
  • Incident detection and response processes
  • Frequent data backups with recovery procedures

Request copies of our certifications or more details about our security programme