Trust CentreData Protection & Information Management

Data Protection & Information Management

SIFTR is designed to support evidence-led cyber assurance activities while maintaining appropriate controls around the handling of organisational information.

The platform has been developed with transparency, auditability and information governance in mind, supporting organisations that require structured and traceable assurance processes.

Data Residency

  • UK Hosting: Platform infrastructure is hosted within AWS London (eu-west-2).
  • UK Processing: Assessment processing is performed within UK-hosted infrastructure.
  • No Overseas Transfer: Customer data is not intentionally transferred outside the United Kingdom for storage purposes.

Information Retention

  • Uploaded Documents: Original uploaded files are used temporarily during assessment processing and are not retained as long-term files within the assessment workflow.
  • Assessment Outputs: Assessment results, extracted evidence and supporting audit records may be retained to support reporting, traceability and assurance activities.
  • Operational Metadata: Assessment configuration, processing information and audit records may be retained to support platform operations and service delivery.

Audit & Traceability

SIFTR maintains audit information relating to assessment activity, processing events and platform operations to support transparency, traceability and assurance review activities.

AI Data Usage

  • No Model Training: Customer information is not used to train, fine-tune or improve AI models.
  • Controlled Processing: Information is processed solely to support the requested assessment activities.
  • Decision Support: SIFTR provides decision-support capabilities, with assessment and assurance decisions remaining under organisational control.
Security & SovereigntySecurity Certification
© 2026 SIFTR GOVTECH LTD. UK Sovereign Infrastructure | AWS London (eu-west-2)
Aligned to NCSC Cyber Assessment Framework (CAF) 4.0