Quarterly security update, June 2025

At Dancerace, the security of our lenders’ and borrowers’ systems and data is paramount. We continually invest in enhancing our systems security as part of our commitment to provide a robust and secure platform for lenders. This work is critically and increasingly important, given how the cyber-threat landscape is intensifying.

The last 18 months have therefore seen us implement a wide array of security improvements, from strengthening our internal controls to achieving industry-leading certifications and improving user experience. I’ve set out our key milestones from January 2024 to May 2025 below.

Phase 1 (early 2024):
Setting a stronger foundation

• Jan 2024: We created a dedicated role focused entirely on security, emphasising our commitment to a proactive security posture.
• March 2024: We introduced enhanced internal controls and automations to ensure early awareness, rapidly escalate potential security incidents and minimise the impact of threats.
• April 2024: We upgraded our internal Dancerace business systems to Microsoft Business Premium, replacing existing anti-malware with Microsoft Defender and Intune for comprehensive visibility and control across our team’s laptops.
• May 2024: We implemented new access control workflows using Jira. These are linked to template role profiles and asset management, significantly enhancing our control over key security processes for joiners, movers and leavers.

Phase 2 (mid-2024):
Achieving recognition

• June 2024: We achieved SOC 1 Type 2 and SOC 2 Type 2 global standards with “No Exceptions Noted”, demonstrating the consistency and integrity of our financial and information security controls.
• July 2024: Our annual ISO27001 surveillance audit was completed with “No Findings,” further validating our robust information security management.

Phase 3 (late 2024):
Enhancing resilience and user experience

• September 2024: We moved our UK datacentre – a strategic move to improve our operational resilience for UK users.
• October 2024: We implemented our first customer Single Sign-On (SSO) upgrade for a lender, offering a more convenient and more secure user experience.
• November 2024: We started development on our centralised logging platform, a foundational step towards enabling comprehensive analysis of all application and infrastructure logs. The goal: improved monitoring, alerting and user-behaviour analysis.
• December 2024: We implemented a SIEM (Security Incident Event Management) feed for a client by January 2026 – proving our adaptability and ability to integrate with customer security systems.

Phase 4 (early 2025):
Innovating for future security

• January 2025: We upgraded our VPN solution for Dancerace employees, bolstering connections to our development, test and production systems.
• February 2025: We initiated daily vulnerability scanning and enhanced monthly internal scanning for a new lender, to proactively identify and address potential weaknesses.
• March 2025: We implemented a new threat intelligence tool to track cyber threats, monitor critical infrastructure, software, suppliers, and browsers. The outcome: more comprehensive visibility and faster response times to security incidents.
• April 2025: We moved our lenders to new c3 and e3 URLs for enhanced protection and to restrict users to the latest internet protocol, TLS1.3.
• May 2025: We re-platformed and upgraded GoAnywhere, Dancerace’s SFTP (Secure File Transfer Protocol) solution, which is critical for secure data extracts to third parties, collection imports, payment exports and data warehouse extracts.

The advancements above reflect our unwavering dedication to maintaining the highest security standards. We’re confident that these enhancements will protect our users’ data and provide peace of mind.

If you’re a Dancerace lender and would like more information about our completed or planned security improvements, please contact your customer success manager. Until then, thank you for your continued trust and partnership!