Security & Compliance

Your data. Secure.
UK-based. Always.

TotalCtrl stores all customer data in the United Kingdom. Every record, including job data, compliance certificates, engineer locations and financial information, stays on UK soil, in UK AWS infrastructure.

For enterprise FM and energy customers with data sovereignty, UK GDPR or sector-specific compliance requirements: your data never leaves the UK.

Platform security status

status.clockworkit.co.uk · All systems operational

Data residency: UK only (AWS eu-west-2)
Encryption: AES-256 at rest · TLS 1.3 in transit
Uptime SLA: 99.9% · Monitored 24/7
Backup frequency: Every 6 hours · 35-day retention
Last pen test: Q4 2025 · CREST certified
UK GDPR: Compliant · DPA registered

Eight security pillars

How we protect your data.

🔐

Encryption at rest and in transit

All data encrypted at rest using AES-256. All data in transit encrypted using TLS 1.3. Encryption keys managed via AWS KMS with hardware security modules.

🏢

UK data residency

All customer data stored in AWS eu-west-2 (London). No data leaves the United Kingdom. Relevant for UK GDPR compliance and data sovereignty requirements.

👤

Role-based access control

Granular permissions by role: planners, engineers, operations directors, finance. Engineers see only their own jobs. Managers see their teams. Admins control everything.

🔑

Single sign-on (SSO)

SAML 2.0 and OAuth 2.0 SSO support. Integrate with your existing identity provider: Azure AD, Google Workspace, Okta. MFA enforced for all administrator accounts.

📋

Full audit logging

Every user action is logged, including job creation, schedule changes, compliance captures and invoice approvals, with timestamp, user ID and IP address. Audit logs are immutable and retained for seven years.

🛡️

Penetration testing

Annual third-party penetration testing by a CREST-certified security firm. Test reports available to enterprise customers under NDA on request.

💾

Automated backups

Database backups every 6 hours. Point-in-time recovery to any 5-minute interval within the last 35 days. Backups stored in a separate AWS region and tested quarterly.

📊

Uptime and SLA

99.9% uptime SLA for Professional and AI+ plans. Status page at status.clockworkit.co.uk. Planned maintenance windows communicated 7 days in advance.

UK GDPR

Data protection. Documented.

TotalCtrl is operated by Clockwork IT Ltd, registered as a Data Controller with the Information Commissioner’s Office (ICO). Our data processing practices comply with UK GDPR.

Data Controller registration

Clockwork IT Ltd is registered with the ICO. Registration number available on request.

Data Processing Agreements

DPAs available for enterprise customers and public sector organisations. Contact us with your requirements.

Subject access requests

We respond to all data subject requests within 30 days. Contact info@clockworkit.co.uk.

Data retention

Customer data retained for the duration of the contract plus 7 years for audit purposes. Deletion on request after contract end.

Security questions for your IT or procurement team?

We provide a security information pack including pen test summary, data flow diagrams and DPA template to shortlisted organisations.

Or email us: sales@clockworkit.co.uk