Skip To main content

Now available:

Benchmark your accessibility practice with data-backed insight |

Download the Fifth Annual State of Digital Accessibility Report

Security Policy


Security is built into the fabric of our Cloud products, infrastructure, and processes, so you can rest assured that your data is safeguarded.

Level Access considers security a permission-to-play value and embeds information security best practice throughout our products and operations. Our Information Security Policy captures this intention and direction from our highest level of management.

ISO 27001

Our industry-leading hosted software platform, and its supporting operations are ISO 27001 certified, giving customers the peace of mind the assets and services are protected. Our Security Statement gives an overview of the controls we have in place. If you would like a copy of our certificate, please email us.

Type 1 SOC 2

The SOC 2 certification adds to Level Access’s existing ISO 27001 certification and FedRAMP Authorization and signals the company’s ongoing commitment to enterprise security, management, and support. The successful examination provides tangible proof of the platform’s strong security, while simultaneously streamlining the procurement process for organizations seeking a digitally accessible solution.

Business continuity and disaster recovery

Keeping information confidential and free from destruction is one thing, but you need to know our services will be there when you need them. To ensure this we leverage AWS’s world-class infrastructure to provide the highest level of resilience on the underlying infrastructure. We have built our services and processes on top of that infrastructure to recover and self-heal, guaranteeing we meet both your needs and exceed our SLA. Our Business Continuity Statement describes our technical continuity and recovery strategies we put in place from Business Continuity Planning and testing exercises to meet these needs.

External penetration testing

New vulnerabilities are being discovered every day and all modern software has dependencies. This is why we put together a robust Vulnerability Management Policy and security testing program to ensure we monitor and respond to vulnerabilities as quickly as possible. Our Vulnerability Management Policy is itself internal-only, however, to provide assurance to customers, other interested parties and to ourselves, we run an annual third-party penetration test against the platform to test that our Policy and Program are performing as expected. Please email for a copy of the latest attestation report.

Access.JS white paper

As the leaders at the vanguard of digital accessibility, we develop cutting-edge technologies to help our customers find and fix issues. One such product to help with this is our Access.JS tag library. Tags can bring risk if unmanaged and security-aware teams are right to be cautious about deploying new tags on their websites. To help your teams assess our Access.JS tag library and gain confidence that it does only what it says on the box we have written a white paper. Please please email us for a copy.