Tikabu

Trust Centre

Overview

At Tikabu, we recognise that trust is fundamental when managing operational and security data. This Trust Centre provides transparency into how Glue is designed, secured, and operated to protect your organisation's information.

Glue is built to support secure, controlled visibility of your IT environment while maintaining strict data protection, access control, and compliance practices.

Core Principles

  • Least privilege access across all systems and integrations
  • Defence in depth across identity, infrastructure, and application layers
  • Secure-by-design development practices
  • Continuous monitoring and improvement

Security

Glue is designed with a security-first approach, incorporating industry-aligned controls and best practices across all layers of the platform.

Identity & Access Management

  • Multi-factor authentication (MFA) enforced for all accounts
  • Role-based access controls (RBAC) with clear separation of privileges
  • No shared or generic accounts for administrative access

Data Protection

  • Encryption in transit using industry-standard protocols (TLS 1.2 or higher)
  • Encryption at rest for all data
  • Customer data is logically separated, with each customer provisioned a dedicated database to ensure isolation.

Monitoring & Detection

  • Centralised logging of system activity
  • Monitoring for anomalous behaviour and defined escalation processes
  • Documented incident detection and response procedures

Endpoint & Operational Security

  • Managed and secured staff environments
  • Endpoint protection and patch management controls in place
  • Secure operational processes aligned with industry standards

Compliance

Tikabu is ISO 27001:2022 certified, demonstrating our commitment to managing information security through a structured, independently audited management system. Glue is developed and operated within this certified ISMS.

Certifications & Standards

  • ISO 27001:2022 certified — independently audited by Global Compliance Certification (GCC)
  • Formal security policies covering access control, incident response, risk management, and more
Tikabu ISO 27001 Certified

Independent Assurance

  • Regular security testing, including vulnerability assessments
  • Independent security reviews and audit processes
  • Availability of penetration test summaries (on request)

Policies & Documentation

We maintain a comprehensive set of security policies, including:

  • Information Security Policy
  • Incident Response Plan
  • Business Continuity & Disaster Recovery Plan
  • Access Control Policy
  • Third-Party Risk Management Policy

Detailed documentation is available on request under appropriate access controls.

Architecture

Glue is designed to integrate with your environment securely while minimising risk and exposure.

Platform Architecture

  • Cloud-based and hybrid deployment options
  • Designed to operate with minimal required access to customer systems
  • Integration with existing enterprise tooling (e.g. identity and asset systems)

Data Handling

  • Glue primarily processes metadata related to systems, identities, and assets
  • No unnecessary storage of sensitive credentials or data beyond operational requirements
  • Controlled data storage and hosting environments

Integration Model

  • Supports read-only integrations where possible to reduce risk
  • Secure API-based integrations with authentication and authorisation controls
  • Role-based access to integration data

Privacy & Operational Resilience

We are committed to safeguarding personal and organisational data in line with applicable privacy principles.

  • Data is collected and processed only for defined operational purposes
  • Data retention practices align with business and regulatory requirements
  • Customer data is not shared with third parties without appropriate controls
  • Subprocessors are managed under a formal third-party risk management framework

Incident Response

  • Defined procedures for detection, triage, and response
  • Escalation pathways and customer notification processes
  • Continuous improvement based on incident learnings

Business Continuity & Disaster Recovery

  • Backup and recovery processes in place
  • Tested approaches to service restoration
  • Documented continuity planning

Third-Party Risk Management

  • Formal vendor onboarding and risk assessment processes
  • Ongoing monitoring of vendor security posture
  • Requirements for vendors to maintain appropriate security controls

Resources

To support your due diligence and vendor assessment processes, the following resources are available on request.

  • Security Overview Pack (PDF)
  • Architecture overview and data flow diagrams
  • Policy documents and control summaries
  • Penetration test summary reports
  • Standard security questionnaire responses

Access to detailed documents is controlled and may require an NDA. Contact us to request access.

Request Access

For detailed documentation, security questionnaires, or specific queries, please get in touch.

©2026 Tikabu Pty Ltd ABN 65 620 382 292. All rights reserved.

Privacy Policy  |  Trust Centre