Skip to main content
Support Fusion

Security at Support Fusion

Support Fusion is ISO 27001 certified. For IT service providers working with regulated enterprise clients, security posture is part of every procurement conversation. Ours is independently audited and continuously monitored.

How we protect your data

Security built into the platform from the ground up, not bolted on after the fact.

No credential storage

Credentials are never hardcoded or stored in the application database. All secrets are held in a dedicated secrets manager.

Data minimisation

The platform transmits only what is needed to sync tickets - using record IDs and metadata rather than raw ticket content.

Encrypted in transit and at rest

All data is encrypted via TLS in transit and encrypted at rest in storage. Data types are segregated across systems.

Continuous monitoring

Unusual activity is monitored continuously with detailed event logging across the platform.

Certifications

Independent verification that our security controls are real, not just documented.

ISO/IEC 27001

Information Security Management

Certified

Support Fusion is certified to ISO/IEC 27001, the international standard for information security management. The certification covers our risk management processes, security controls, and ongoing operational practices — independently audited and verified by an accredited body.

For enterprise procurement teams, we can provide our certificate and Statement of Applicability on request.

SOC 2 Type II

Service Organisation Controls

In progress

SOC 2 Type II certification is currently underway. The audit evaluates our security, availability, and confidentiality controls over a defined operating period. Completion is expected before the end of 2026.

If you have a procurement requirement that needs our current security posture in writing, get in touch and we can provide documentation.

Security questions

Do we need to create user accounts for our IT service providers in our ITSM?
No. IT service providers connect via their own Support Fusion account using a secure connection code. There are no external user accounts to create, no licences to assign, and no identities to manage or revoke in your ITSM.
Does Support Fusion store our ticket data?
No. Support Fusion processes ticket data in transit but does not retain it. We store only the record IDs and metadata needed to keep tickets linked between platforms. Raw ticket content is never persisted in our systems. Support Fusion is ISO 27001 certified, with customers in healthcare, finance, and retail.
What authentication method does Support Fusion use to connect to my ITSM?
Support Fusion connects using OAuth2 where the platform supports it - no passwords are stored, and access is granted through a secure OAuth flow that you authorise and can revoke at any time. Basic authentication is also supported for platforms that require it.
What permissions does Support Fusion need on our ITSM?
Support Fusion provides a configuration guide that sets out the recommended role and permissions. The guide covers all available modalities - if you only need incidents and not service requests, for example, you can scope the role accordingly. Enterprise environments typically create a dedicated integration service account with a custom role limited to what the integration actually requires. Our team is happy to work through the right permission set with your ITSM admin.
How does Support Fusion handle data security?
Support Fusion is ISO 27001 certified. All data is encrypted in transit via TLS and at rest in storage. Data types are segregated across systems, and continuous monitoring is in place with detailed event logging. Support Fusion is used in healthcare, finance, energy, and retail environments.
Is Support Fusion SOC 2 certified?
SOC 2 Type II certification is currently in progress and expected to complete before the end of 2026. Support Fusion is already ISO 27001 certified, which covers a comparable scope of security controls. If you have a procurement requirement in the meantime, get in touch and we can provide documentation on our current security posture.
Does Support Fusion support single sign-on?
Yes. Support Fusion supports Google and Microsoft Entra SSO. Enterprise teams can manage access through their existing identity provider, with MFA enforced across all accounts.
How does Support Fusion handle API credentials and secrets?
Support Fusion never hardcodes credentials or stores them in the application database. All secrets are held in a dedicated secrets manager with strictly controlled access.

Have a specific security question?

Talk to the Support Fusion team about your security requirements, compliance obligations, or how we handle your data.

Get in touch