SECURITY & COMPLIANCE
SECURITY BUILT FOR LAW ENFORCEMENT
Monolith is engineered to meet the stringent security requirements of UK law enforcement, government, and regulated enterprise. Every layer of the platform is designed with security as the primary concern.
CERTIFICATIONS & STANDARDS
INDEPENDENTLY VERIFIED SECURITY CREDENTIALS
CYBER ESSENTIALS PLUS
NCSC-certified Cyber Essentials Plus certification, independently verified by an accredited assessor. Demonstrates robust protection against the most common cyber threats.
ISO 27001 ALIGNED
Information security management system aligned with ISO/IEC 27001:2022 international standard. Comprehensive risk management and security controls across all operations.
UK GDPR & DPA 2018
Full compliance with UK General Data Protection Regulation and Data Protection Act 2018. Data Protection Impact Assessments completed for all processing activities.
G-CLOUD FRAMEWORK
Listed on Crown Commercial Service G-Cloud framework, enabling simplified procurement by UK public sector bodies including all police forces and government departments.
NPCC STANDARDS
Aligned with National Police Chiefs' Council standards for digital evidence handling, forensic capability, and information management in law enforcement.
OFFICIAL-SENSITIVE READY
Platform architecture and security controls designed to handle data classified at OFFICIAL-SENSITIVE under the UK Government Security Classifications Policy.
ARCHITECTURE
DEFENCE IN DEPTH AT EVERY LAYER
Monolith's security architecture follows NCSC guidance and employs multiple independent layers of protection. No single point of failure can compromise the integrity or confidentiality of your evidence.
AES-256 Encryption
All data encrypted at rest with AES-256. All data in transit protected with TLS 1.3. Encryption keys managed via UK-hosted HSM.
Zero-Trust Network Architecture
Every request authenticated and authorised regardless of network location. No implicit trust based on network position.
Continuous Security Monitoring
24/7 security operations centre monitoring. Automated threat detection with sub-minute response times. SIEM integration available.
UK Sovereign Infrastructure
All infrastructure hosted exclusively in UK data centres. No data leaves UK jurisdiction. Disaster recovery within UK.
Penetration Testing
Regular penetration testing by CREST-accredited security firms. CHECK-approved testers for government-classified environments.
Immutable Audit Logs
All system activity logged to tamper-proof, append-only audit store. Logs retained for minimum 7 years. SIEM export available.
UK LEGAL COMPLIANCE
COMPLIANT WITH EVERY UK LEGAL OBLIGATION
CRIMINAL PROCEDURE AND INVESTIGATIONS ACT 1996 (CPIA)
Monolith's disclosure management module is built around CPIA obligations. Unused material schedules (MG6C/MG6D) are generated automatically from case evidence. Disclosure decisions are logged with full audit trail.
UK GENERAL DATA PROTECTION REGULATION (UK GDPR)
Data subject rights, retention schedules, and lawful basis documentation are managed natively. Data Protection Impact Assessments are maintained and available for ICO inspection.
INVESTIGATORY POWERS ACT 2016 (IPA)
Monolith supports the evidential requirements of IPA-authorised investigations. Handling of communications data and equipment interference product is managed with appropriate controls.
MANAGEMENT OF POLICE INFORMATION (MoPI)
Information management, retention, review, and disposal (MRRDD) schedules are built into the platform. Automated review prompts ensure MoPI compliance without manual tracking.
POLICE AND CRIMINAL EVIDENCE ACT 1984 (PACE)
Evidence handling procedures within Monolith are aligned with PACE codes of practice. Seizure records, examination logs, and continuity documentation all meet PACE requirements.
COMPUTER MISUSE ACT 1990
Access controls and audit logging within Monolith support prosecution of unauthorised access offences. Evidence of system access is preserved in tamper-proof logs.
REQUEST OUR SECURITY PACK
Download our full security documentation pack, including penetration test summaries, certification evidence, and DPIA templates for your force's procurement process.