Book a demo

Frequently Asked Questions

We know security and compliance questions are important — and we want to make it easy for you to get the answers you need. Here are some of the things we get asked most often. 

Can’t find what you’re looking for? 
Drop us a line at security@rolemapper.techwe’ll be happy to help. 

Is RoleMapper compliant with UK data protection laws and UK GDPR? 

Yes – we’re fully compliant with UK GDPR and follow best practice across all our data protection and privacy processes. You can read more in our Privacy Policy and Data Processing Agreement. 

Do you have a current Cyber Essentials certification? 

We do. RoleMapper is assessed and certified annually under the Cyber Essentials scheme. You’ll find the latest certificate and supporting information on our Cyber Essentials page. 

Where is our data stored? 

All customer data is securely stored in UK-based data centres provided by Amazon Web Services (AWS). We don’t host data outside the UK. 

Who has access to our data? 

Only authorised members of the RoleMapper team have access to customer data – and only where strictly necessary to provide support or maintain the platform. Access is role-based and regularly reviewed. 

Do you use sub-processors? 

Yes, we work with a small group of trusted sub-processors, all of whom meet our security and privacy standards. You can view the full list on our Sub-Processor List page, along with what they do, where they’re based, and what type of data they process. 

Can we review your Data Processing Agreement (DPA)?

Absolutely. Our standard DPA is available for download and forms part of your contract with us. 

What happens if there’s a security incident? 

We take all incidents seriously and have a clear internal process for managing, investigating, and notifying affected parties. Our team will always keep you informed if your data is impacted. 

How do you train staff on data protection and security? 

Every new team member goes through security and data protection training during induction, including Cyber Essentials awareness. This is refreshed annually and supplemented by role-specific training where needed. 

Do you offer support with DPIAs or procurement due diligence? 

Yes. If you need help completing a DPIA or due diligence form, just get in touch – we’re happy to provide the detail or documentation you need. 

How can I report a vulnerability or potential risk? 

If you’ve spotted a security issue or vulnerability, please let us know through our Responsible Disclosure process. We take every report seriously. 

How often is your platform tested or reviewed for security?

Our platform is continuously monitored, regularly tested, and maintained by our in-house team and trusted partners. We also conduct annual reviews as part of Cyber Essentials and security best practice. 

Is the RoleMapper platform covered by a separate agreement? 

Yes. Use of the platform is subject to contract. Charges and separate terms will apply. 

RoleMapper
The building blocks of your workforce strategy.

Role Mapper Technologies Ltd
Kings Wharf, Exeter
United Kingdom

© 2025 RoleMapper. All rights reserved.