Is Heed ISO 27001 certified?

Yes. Heed is ISO 27001 certified, meaning our information security management practices have been independently audited and verified against the international standard.

Where is Heed's cloud data hosted?

Heed's cloud platform is hosted on Amazon Web Services (AWS). We support flexible region selection to meet your organisation's data residency requirements.

Can Heed be deployed on-premises?

Yes, Heed can be deployed on-premises within your own infrastructure for complete control over your data.

Does Heed support Single Sign-On?

Yes. Heed supports SSO via Active Directory, SAML 2.0, and Office 365, allowing users to authenticate through your existing identity provider across both the management console and client applications.

How is data encrypted in Heed?

All data in transit is encrypted using HTTPS with TLS 1.2 and Perfect Forward Secrecy. Data exchanged with Heed applications is further protected with AES-256 encryption, and locally cached data is also encrypted at rest using AES-256.

Security Overview | Heed ISO 27001 Certified Platform

Certifications and Compliance

ISO 27001 Certified

Heed is ISO 27001 certified, demonstrating an independently audited and verified approach to information security management. This certification covers the policies, processes, and controls that govern how data is protected across the platform.

Heed's cloud infrastructure runs on Amazon Web Services (AWS), which holds its own ISO 27001 certification alongside SOC 1, SOC 2, and SOC 3 accreditations — providing a further layer of independently verified security at the infrastructure level.

GDPR Compliant

Heed is compliant with the General Data Protection Regulation (GDPR), demonstrating a committed and accountable approach to the handling of personal data. This covers how data is collected, processed, stored, and deleted across the platform in line with European data protection law.

For organisations operating across multiple jurisdictions, Heed's flexible deployment options — including regional AWS hosting and true on-premises deployment — support the data residency requirements that sit at the heart of GDPR compliance.

Infrastructure and Deployment

Cloud Infrastructure

Heed's cloud platform runs on Amazon Web Services (AWS), one of the most widely audited and certified cloud environments available. AWS data centres hold ISO 27001 certification alongside SOC 1, SOC 2, and SOC 3 accreditations, providing a robust and independently verified foundation for the Heed platform.

For organisations that need their data to remain within a specific region or jurisdiction, Heed supports flexible AWS region selection to meet data residency requirements.

Data Residency and Regional Hosting

For organisations operating in regulated industries, knowing where your data is physically stored is as important as how it is protected. Heed's cloud platform is hosted on Amazon Web Services (AWS), which operates data centres across multiple regions globally. This gives us the flexibility to host your data within a specific geographic region to meet your organisation's data residency obligations.

If regional hosting alone does not satisfy your compliance requirements, Heed's on-premises deployment option ensures your data never leaves your own infrastructure entirely — removing any dependency on external hosting providers.

Discover more

On-Premises Deployment

For organisations where data must remain entirely within their own walls — common in financial services, healthcare, and government — Heed offers true on-premises deployment. The software is installed and runs entirely within your own infrastructure. No data is routed through external servers, and no cloud dependency is introduced.

This is a meaningful distinction from vendors who offer "private cloud" arrangements that still rely on third-party hosting.

Discover more

Identity and Access Management

Active Directory integration

Heed integrates with Active Directory, including support for SSO, SAML 2.0, and group sync — allowing you to manage user access through your existing directory infrastructure.

Single Sign-On

Users can authenticate via your organisation's existing identity provider. SSO is supported across both the Heed management console and client applications.

Configurable Password Policy

AWS Shield provides protection against distributed denial of service attacks at both the network and application layer.

Two-factor Authentication

Two-factor authentication is available as an additional layer of account protection.

Role-based Access Control

Administrators can configure granular access privileges and roles at both individual and group level, limiting what users can see and do within the platform.

API Security

The Heed API is accessible over HTTPS and secured using token-based HTTP authentication.

Our Commitment to Security

What keeps Heed moving forward

Availability and Data Resilience

Heed cloud services are backed by a 99% uptime guarantee. Daily backups are performed across all systems, with backup data retained for up to 30 days.

Incident Response

In the event of a security incident, Heed follows a structured response process to identify, contain, and resolve issues quickly. Affected customers are notified promptly.

People and Process

All Heed employees sign a confidentiality agreement and receive regular security training. Access to production systems is restricted to essential personnel only.

Customer Stories

Discover real stories from organisations using Heed to transform their employee communication.

Enterprise Major Incident & Monitoring Communications in Banking

Discover how Citi uses Heed’s on-premise solution to automate major incident communications, integrate with ServiceNow and Netcool, and deliver governed enterprise alerts at scale.

students working at laptops in a library

Strengthening Communication in Education with Heed

A UK university improved internal communication with Heed’s alerts, boosting visibility to 92%, reducing missed deadlines and strengthening HR and employee benefits communication campus-wide.

doctor reading an alert on a tablet screen

Transforming Internal Communication Strategy in Healthcare with Heed

Heed's desktop alerts delivered critical notifications to clinical and admin staff, improving message visibility and reducing email reliance.

Common Questions

Have a question about how Heed handles your data? Here are answers to the questions we hear most often from IT and security teams evaluating the platform. If you don't find what you're looking for, get in touch with our team directly.