Security & trust

Security, privacy and data governance, built in

Formation CRM is designed for schemes that manage high-value, high-sensitivity records. Security, privacy and data governance are core to how we design, host and support the platform.

  • ISO 27001 compliant
  • Built for PII
  • MFA & SSO
ISO/IEC 27001 information security certified

Built for sensitive worker, employer and financial data

Schemes handle some of the most sensitive personal and financial information in the country. Formation CRM is engineered for secure handling of personally identifiable information at every layer, from how we develop and host the platform to how your operators access it every day.

What's included

A complete security & data-protection posture

ISO 27001 compliant

Information security managed to a certified-grade standard across people, process and technology.

PII handling

Privacy-first handling of worker and employer records, with secure handling of personally identifiable information.

Multi-factor authentication

MFA for back office and portals using phone authenticator apps or SMS, with optional bypass for trusted addresses.

Single sign-on

SSO including integration with Active Directory Federation Services (ADFS) for identity and authentication.

Secure cloud hosting

Fully-managed, secure cloud hosting with hardened, monitored infrastructure maintained by our team.

AWS & Azure options

Deploy in our managed AWS environment or a dedicated standalone environment in AWS or Microsoft Azure.

Data migration governance

Structured, validated and reconciled migration so sensitive data is handled correctly from day one.

Audit history

Comprehensive audit trail of changes and access across records, returns, claims and correspondence.

Role-based access

Granular, role-based access and row-level permissions so people see only what they should.

Identity & access

Strong authentication and least-privilege access

Protect accounts from unauthorised logins and give every user exactly the access they need, no more, no less.

  • Multi-factor authentication across the Company Portal, Member Portal and Back Office, configurable per portal.
  • Single sign-on with ADFS federated identity for fund staff.
  • Role-based access control with row-level permissions on records and mail items.
  • Trusted-address policies to streamline access for known networks.

For the strongest security

We recommend requiring MFA for both the Company and Member portals.

Per-portal control

MFA available for all portals.

Verified logins

Unique one-time codes complete each sign-in.

Hosting & infrastructure

Host in our fully-managed AWS cloud, or in a dedicated standalone environment in AWS or Microsoft Azure. Either way, infrastructure is hardened, monitored and maintained to ISO 27001-aligned controls, with secure mechanisms for connecting your chosen IT systems.

Governance & assurance

ISO 27001-compliant information security underpins how we develop, deploy and support Formation CRM. A comprehensive audit history records changes and access across the platform, and migration is governed end-to-end so sensitive data is protected from day one.

Secure integrations

Connected to your tools, securely

Formation CRM integrates with the systems your scheme relies on, using simple, powerful and secure mechanisms, so data moves safely between platforms.

  • Banking
  • Email
  • SMS
  • Telephony
  • Identity (ADFS / SSO)
  • Single Touch Payroll
  • General ledger
  • BI & reporting
  • ABN & address validation

Talk to us about security

We're happy to walk your risk, security and governance teams through how Formation CRM protects sensitive scheme data.