Overview
Scrums.com applies defence-in-depth security principles to protect client workspaces, delivery data, and engineering assets. Security and compliance controls scale with your subscription tier — with Enterprise providing the full set of features required by regulated industries.
Security at a glance
| Control | Standard | Recommended | Enterprise |
|---|---|---|---|
| Email + password authentication | ✓ | ✓ | ✓ |
| Two-factor authentication (2FA) | ✓ | ✓ | ✓ |
| Role-based access control | Basic | Full RBAC | Full RBAC |
| SSO / SAML 2.0 | — | — | ✓ |
| Audit logs | — | — | ✓ |
| Data encryption (transit + at rest) | ✓ | ✓ | ✓ |
| Penetration testing | — | — | ✓ |
| Vendor risk questionnaire | — | — | ✓ |
Compliance frameworks supported
Scrums.com engineering teams and delivery processes are aligned with the following frameworks on the Enterprise plan:
| Framework | Applicability |
|---|---|
| SOC 2 Type II | Data security and availability |
| ISO 27001 | Information security management |
| GDPR | Data protection for EU/UK data subjects |
| POPIA | Data protection for South African data subjects |
| PCI DSS | Payment card industry data security (advisory) |
What’s in this section
Authentication & Access
Password, 2FA, SSO/SAML, and session management.
Compliance & Regulatory
Supported compliance frameworks and audit-ready delivery documentation.
Data Protection & Privacy
How Scrums.com handles, protects, and stores client data.
IP Ownership
Who owns code and assets created during an engagement.
Legal & Terms
MSA, Order Forms, NDAs, and platform terms.