Security & Compliance
Security is built into how Dr Migrate collects, transmits and stores data. This page summarises the controls; the Trust Center holds the full detail including penetration testing results.
Core principles¶
Encrypted everywhere
Data encrypted at rest and in transit (HTTPS / 443).
Outbound only
DMC uploads outbound; no inbound firewall rules required.
Controlled identity
Access via Azure AD / AD B2B; least-privilege service principals.
Isolation
Dedicated, logically isolated customer instances.
Certifications & standards¶
- ISO 27001 certified
- GDPR aligned for privacy and personal-data protection
- No persistent credentials stored on-premises (DMC uses ephemeral, short-lived tokens)
Credential handling¶
How DMC manages and protects the credentials used during scanning is documented under Security Credential Management.
For comprehensive security information (controls, architecture documentation, and test results), visit the Trust Center.

