Trust & Security

Security & Compliance

CPQDash takes security seriously. Your quoting data contains commercially sensitive information — pricing, margins, customer details, product specifications. We treat it accordingly.

How CPQDash is secured

HTTPS everywhere

All data in transit is encrypted via TLS. No exceptions. Every page, every API call, every file transfer.

Password-gated access

Demo dashboards are access-controlled. Production dashboards support role-based access with configurable permission levels.

No client data in demos

Demo environments use representative data only. Your real pricing, customer details, and commercial data never appear in any demo or shared environment.

Isolated deployments

Each client gets their own deployment. Your data is never shared with, visible to, or accessible by other CPQDash clients.

Email encryption

All automated emails (expiry alerts, pipeline digests, approval notifications) are sent via authenticated SMTP with TLS encryption.

UK data residency

Client data is processed and stored in compliance with UK GDPR. We can discuss specific hosting requirements during onboarding.

Our recommendation: Cyber Essentials

We strongly recommend that all CPQDash clients hold or work towards Cyber Essentials certification — the UK government-backed scheme that covers the fundamentals of cyber security.

Cyber Essentials protects against the most common cyber attacks and demonstrates to your customers, suppliers, and partners that you take security seriously. For manufacturers handling commercially sensitive quoting data, this is the minimum baseline we recommend.

The five Cyber Essentials controls

These are the areas assessed under Cyber Essentials certification:

1. Firewalls — Secure your internet connection with properly configured boundary firewalls and internet gateways.

2. Secure configuration — Choose the most secure settings for devices and software. Remove unnecessary accounts and change default passwords.

3. User access control — Control who has access to your data and services. Only give people the minimum access they need to do their job.

4. Malware protection — Protect against viruses and other malware using anti-malware software, application whitelisting, or sandboxing.

5. Security update management — Keep devices, software, and firmware up to date. Apply patches and updates promptly.

Beyond Cyber Essentials

For clients with more advanced requirements, we can discuss:

Cyber Essentials Plus — Includes independent verification through hands-on testing of your systems.

ISO 27001 — The international standard for information security management systems. Recommended for manufacturers handling defence, aerospace, or regulated sector work.

IASME Governance — A comprehensive and affordable alternative to ISO 27001, particularly suitable for SMEs.

Supply chain security — If your customers require security assurances from their suppliers (increasingly common in automotive, aerospace, and defence), CPQDash can be configured to support your compliance posture.

Responsible disclosure

If you believe you've found a security vulnerability in CPQDash, please report it to us via our contact page. We take all reports seriously and will respond within 48 hours.