Security & Trust Center
Your resource center for all security, privacy and compliance information related to a Reporting Hub deployment
Last updated
Your resource center for all security, privacy and compliance information related to a Reporting Hub deployment
Last updated
The Reporting Hub takes security, privacy and compliance seriously and our goal is to ensure you have all the information you need to ensure your success.
The Reporting Hub is a fully deployed web-app that is installed within the customers Azure environment. Our documentation provides all the relevant information you will need to understand how the application works within Azure.
The Reporting Hub's policies can be found on our website here:
At Reporting Hub, we understand the importance of security and compliance in enterprise environments. However, one of the challenges we consistently face is that many security questionnaires and audits operate under the assumption that we function as a traditional SaaS provider. Our solution is fundamentally different in its deployment model, which directly impacts how various security standards apply to us.
Unlike most SaaS offerings that host customer data on their own infrastructure, Reporting Hub’s solution is fully deployed within the customer’s environment. This means:
We do not store, process, or transmit customer data on our infrastructure.
Customers maintain full control over their data security and compliance within their own Azure cloud.
Reporting Hub has no access to customer data, ensuring data sovereignty and eliminating risks associated with third-party data storage.
Many security frameworks such as SOC 2 and ISO 27001 are designed to assess a company’s ability to protect customer data within its own infrastructure. Since Reporting Hub does not store or have access to customer data, many of the security controls and requirements outlined in these frameworks do not apply to our solution.
For example:
SOC 2 focuses on the security, availability, and confidentiality of customer data stored within a vendor's systems. Since we do not handle customer data, these controls are not relevant.
ISO 27001 pertains to information security management systems (ISMS) for data stored within an organization’s environment. However, since our software runs entirely within the customer’s environment, their own security policies govern data protection, not ours.
Although traditional SaaS compliance frameworks do not apply, we take security seriously and provide the following assurances:
Secure Code Development – We follow industry best practices for secure software development, including regular code reviews, static/dynamic security testing, and adherence to OWASP standards.
Minimal Attack Surface – Since our solution does not rely on an external multi-tenant infrastructure, the attack surface is limited to what is already protected within the customer’s own security framework.
Customer-Managed Access Control – Since the solution is deployed within the customer’s environment, they retain full control over identity and access management (IAM), authentication, and authorization policies.
No Data Retention Risks – Unlike SaaS providers that must implement data protection mechanisms, Reporting Hub does not retain any customer data, eliminating concerns around data leaks or breaches.
Compliance Alignment – While traditional SaaS security frameworks do not apply, we align with customer security policies and ensure our software integrates seamlessly into existing security models.
Since security audits are often based on predefined templates for SaaS solutions, we recommend that customers work with us to tailor security assessments that are relevant to our specific deployment model. Instead of evaluating Reporting Hub as a data processor or cloud service provider, security reviews should focus on:
Software security practices (e.g., secure development lifecycle, vulnerability management).
Integration security (e.g., how the solution interacts with customer data sources securely).
Deployment security (e.g., customer-configurable security controls within their environment).
While SOC 2, ISO 27001, and similar frameworks are important for traditional SaaS vendors, they are not applicable to Reporting Hub due to our deployment model. Instead, our security posture is built around secure software development, integration security, and customer-controlled deployment.
We are happy to work with customers to address any security concerns within the context of their specific environment and ensure that Reporting Hub meets their security and compliance requirements without unnecessary overhead from frameworks that do not apply.
The Reporting Hub is an Azure web application, built within the Azure framework using Microsoft APIs. The benefit of using the Reporting Hub is that you are taking advantage of all the built-in Microsoft security. The below list has been compiled to simplify the sourcing of this relevant information:
Microsoft Trust Center:
Microsoft Data Protection & Privacy:
Azure App Service Security:
Power BI Security
Data Protection in Power BI
Power Platform Compliance and Data Privacy
Power BI Governance & Compliance - Metadata Scanning
Power BI Embedded Security:
Embedded Analytics Access Tokens:
Service Principal Profiles Security:
Microsoft Compliance Offerings: