Security
Security and reliability
An electrical record describes critical infrastructure, and often who can access it matters as much as what it says. CircuitMap is built accordingly.
Access control
Every user has their own account, and role-based permissions control who can view records and who can change them. Contractor access can be granted for the duration of a job and removed when it ends.
Encryption in transit
All traffic between browsers and CircuitMap is encrypted with TLS, with HTTP Strict Transport Security enforced in production.
Hardened application
The application ships with a strict Content Security Policy, clickjacking protection, and modern security headers throughout. Sessions are validated server-side on every request — the browser is never trusted on its own.
Audit trail
Changes to records are attributable: who changed what, and when. For infrastructure records, provenance is part of the value.
Deployment options
CircuitMap can be deployed on dedicated, single-tenant infrastructure — including options suited to organisations that require their building data isolated from any other customer's.
Backups and recovery
Records and documents are backed up routinely, and deployments are designed for straightforward restoration. Your record survives hardware failure the way it survives staff turnover.
Data ownership and export
Your building data is yours. Records and attached documentation can be exported in standard formats at any time — during the subscription and on the way out.
Responsible disclosure
We take security reports seriously. If you believe you have found a vulnerability, contact us and we will respond promptly.
Our approach
Boring on purpose
Security for a records platform isn't a feature list — it's the discipline of defaults: least privilege, server-side validation everywhere, no surprises in how data is stored or who can reach it. We'd rather this page were unexciting and true than impressive and vague. If your organisation has a security questionnaire or procurement requirements, we're happy to work through them — get in touch via the contact page.
Questions about security?
Request a demonstration and bring your IT or information-security colleagues — we'll answer the hard questions directly.