Trust Center


Creditsafe's Security Program supports the delivery of business objectives by protecting the company’s reputation, safeguarding existing revenue, and supporting the generation of future revenue. Dedicated subject matter experts in our Governance, Risk and Compliance; Security Operation Center (SOC); and Security Engineering teams are committed to ensuring that appropriate measures are taken to protect the confidentiality, integrity, and availability of information entrusted to the organisation by its customers, business partners, and stakeholders.

Security can often be misunderstood, so we pride ourselves on balancing a positive security culture with a robust control environment. Our approach is to enable new and existing customers to interact with our products and services in a straightforward and secure manner.

Information security is an integral part of our operations and ingrained within our people, processes, and technologies. Systems and data are protected by a comprehensive ISO 27001 certified security program, and our responsibilities are encompassed by:
• Security Operation Center (SOC) to continuously monitor the organisation's security posture whilst preventing, detecting, and responding to cybersecurity incidents or threats.
• Security Engineering which covers the development, integration and maintenance of current and future security controls, technologies, and procedures across the organisation.
• A dedicated GRC team to implement security policies, manage risks, maintain audit systems, and ensure good security practices are embedded in our company culture. We do this via user awareness training, auditing and ongoing stakeholder engagement.

DORA
GDPR
ISO 22301
ISO/IEC 27001
NIS2
PCI DSS
SOC 2
EcoVadis 2025 - Bronze

Documents

Statement Of Applicability
Trust Center Updates

October Update 2025

Vulnerabilities

In October, Microsoft announced 8 critical vulnerabilities and 3 zero-day vulnerabilities. 2 critical vulnerabilities had a CVSS score of 9.0 or above and were prioritised for remediation by the vulnerability management team, working closely with other teams in technology. All other vulnerabilities and updates will be addressed through our regular patching process.

September Update 2025

Vulnerabilities

In September, Microsoft announced 9 critical vulnerabilities and 1 publicly disclosed zero-day (CVE-2025-55234). All critical vulnerabilities have been grouped below into dependency areas:
Azure:
CVE-2025-54914
Windows:
CVE-2025-54918
CVE-2025-55226
CVE-2025-55228
CVE-2025-55236
CVE-2025-53799
CVE-2025-53800
CVE-2025-55224
Microsoft Office Products:
CVE-2025-54910

There is 1 critical vulnerability rated above 9.0, and it is being prioritised for remediation by the Vulnerability Management team, working with other teams across technology. All other vulnerabilities and updates will be addressed through our regular patching process.

August Update 2025

Vulnerabilities

In August, Microsoft announced 1 critical zero-day vulnerability (CVE-2025-53779, Windows Kerberos elevation of privilege vulnerability) and 12 other critical vulnerabilities which have been grouped below into dependency areas:
Azure:
CVE-2025-53767
CVE-2025-53792
CVE-2025-53793
CVE-2025-53781
CVE-2025-49707

Windows:
CVE-2025-50165
CVE-2025-53766
CVE-2025-48807
CVE-2025-50177
CVE-2025-53778

Microsoft Office Products:
CVE-2025-53731
CVE-2025-53740
CVE-2025-53733

There are 4 critical vulnerabilities rated above 9.0, and they are being prioritised for remediation by the Vulnerability Management team, working with other teams across technology. All other vulnerabilities and updates will be addressed through our regular patching process.

July Update 2025

Incidents

In July, Microsoft announced 1 critical zero-day vulnerability (CVE-2025-49719, improper input validation in SQL Server) and 12 critical vulnerabilities, which have been grouped below into dependency areas:
Windows SPNEGO Extended Negotiation (NEGOEX):
CVE-2025-47981 (CVSS 9.8)
Microsoft Office Products:
CVE-2025-49704
CVE-2025-49695
CVE-2025-49696
CVE-2025-49697
CVE-2025-49698
CVE-2025-49702
CVE-2025-49703
Windows Hyper-V Discrete Device Assignment (DDA):
CVE-2025-48822
Windows Remote Desktop Services:
CVE-2025-49717
Windows Kerberos Key Distribution Centre Proxy Services (KPSSVC):
CVE-2025-49735
Microsoft Imaging Component:
CVE-2025-47980
CVE-2025-47981 is the only critical vulnerability rated above 9.0 and is being prioritised for remediation by the Vulnerability Management team, working with other teams across technology.
All other vulnerabilities and updates will be addressed through our regular patching process.

June Update 2025

Incidents

In June, Microsoft advised of one actively exploited zero-day vulnerability, a remote code execution vulnerability (CVE-2025-33053), and also listed a publicly disclosed zero-day (CVE-2025-33073).

These will be addressed as part of standard patching policy.

If you think you may have discovered a vulnerability, please send us a note.