Security & Governance
Enterprise grade governance for regulated financial institutions
Hedge designs and builds digital infrastructure for asset managers, private equity firms, hedge funds and family offices.
The environments in which our clients operate demand structured governance, disciplined information security and operational control.
Security, data protection and risk management are embedded into how we operate as a business and how we deliver projects.
We already have a number of policies availble to clients but are currently progressing ISO 27001 and SOC 2 Type II certification, supported by Vanta and WorkStreet. Our internal controls, monitoring systems and documented procedures are aligned to internationally recognised security standards and structured to meet institutional expectations.
Compliance is everything.
Information Security Management
Our information security programme is aligned to ISO 27001 principles. This includes formal risk assessment, documented controls, continuous monitoring and defined accountability at leadership level.
SOC 2 Control Environment
Our policies and processes are structured around the core trust principles of security, availability and confidentiality. Controls are designed to protect client information and platform integrity across all hosted environments.
Data Protection
Hedge operates in accordance with UK GDPR requirements. We maintain documented data handling procedures, defined retention policies and formalised access controls to protect personal and sensitive data.
Access Management
Role based access control is enforced across systems and infrastructure. Access is granted on the principle of least privilege and reviewed regularly.
Vendor and Subprocessor Oversight
We maintain documented vendor review processes and oversight procedures to ensure that third party service providers meet appropriate security standards.
Incident Response
We operate a formal incident response framework with defined escalation paths, communication protocols and post incident review processes.
Information Security Management
Our information security programme is aligned to ISO 27001 principles. This includes formal risk assessment, documented controls, continuous monitoring and defined accountability at leadership level.
Business Continuity and Backup
Documented backup and recovery procedures are in place to protect service availability and support operational resilience.
Our Trust Centre
Our Trust Centre will provide public access to core policies, security documentation and compliance controls. It is designed to support client due diligence, procurement reviews and investor scrutiny.
Where appropriate, additional documentation will be made available upon request to support operational due diligence processes.
Let's TalkThe Trust Centre will include:
Information Security Policy
Data Protection Policy
Incident Response Plan
Business Continuity Plan
Vendor Management Policy
Access Control Policy
Supporting Client Due Diligence
Hedge actively supports client security questionnaires, procurement reviews and operational due diligence exercises.
We understand the expectations placed on regulated investment firms and structure our governance accordingly.
Security enquiries can be directed to:
Built for Regulated Environments
Security at Hedge underpins how we design, develop and maintain digital platforms for the alternative investment industry. Governance is not layered on after delivery. It informs architecture decisions, hosting configurations, data handling and ongoing support.
As we progress ISO 27001 and SOC 2 Type II certification, we continue to strengthen our internal control environment to align with the institutional standards expected by our clients.
26/02/2026