Data security and compliance in Ireland

Stakeholder engagement data is sensitive by nature. From political contacts and community feedback to consultation records and personal information, your data deserves the highest level of protection. Tractivity is built from the ground up to keep it secure, compliant, and entirely under your control.

Trusted for over 25 years by organisations including the UK Government, NHS, NI Executive Office, EDF, The Institute of Banking in Ireland, and Southern Water, Tractivity is the only fully UK-based stakeholder management platform on the market, and for Irish organisations, all data can be hosted within the EEA.

Independently accredited, continuously monitored

Tractivity holds both ISO 27001:2022 and Cyber Essentials Plus accreditations, two of the most rigorous information security standards recognised in the UK and internationally.

ISO 27001:2022 is the latest version of the international standard for information security management systems (ISMS), demonstrating that Tractivity maintains a systematic approach to managing sensitive data. Cyber Essentials Plus, backed by the UK National Cyber Security Centre, involves independent testing of our security controls and is recognised by Irish public bodies and infrastructure procurers as a mark of independent security assurance.

Our system also meets the NHS DSPT Standard and is hosted on Microsoft Azure, which is SOC 2 compliant.

Tractivity is approved on the UK Government's G-Cloud framework, reflecting our compliance with public sector procurement and security standards; an independent benchmark also recognised by Irish public bodies evaluating supplier security.

Enterprise-grade infrastructure, monitored around the clock

Tractivity operates in a cloud-based, highly secure environment powered by Microsoft Azure, trusted by organisations worldwide for mission-critical workloads, including Irish and UK government departments, the NHS and major infrastructure providers.
Our platform is monitored 24/7/365 and protected by multiple layers of security, including:

Antivirus and malware protection

Intrusion detection

Web Application Firewall (WAF)

Regular vulnerability scanning

OS file integrity monitoring

OS-level patch monitoring

Managed portal and dashboard interface

Advanced database at rest encryption

UK data residency with global hosting options

Tractivity's default data centre is located in the UK (South), ensuring full UK data residency. This is particularly important for any team handling politically sensitive or community-facing engagement data, and for organisations subject to regulatory scrutiny, such as the Commission for Regulation of Utilities (CRU), An Bord Pleanála, the Environmental Protection Agency (EPA), or judicial review in Ireland. Tractivity provides a single auditable record of every stakeholder interaction, commitment, and community response, ensuring your engagement evidence is complete, traceable, and held securely within your chosen jurisdiction.

For Irish organisations and those subject to EU GDPR, EEA hosting is available as standard, ensuring your data remains within the European Economic Area and under EU regulatory jurisdiction. Hosting regions include the EEA, the United States, and beyond. Wherever your data is hosted, it benefits from the same enterprise-grade security controls and monitoring.

Granular control over who sees what

Tractivity’s role-based permissions give administrators complete control over data access. Permissions can be configured at multiple levels, from specific projects and modules right down to confidentiality controls on ndividual records, ensuring users only see what they are authorised to see.

This is essential for organisations working with third-party contractors, multi-agency partnerships, or cross-departmental teams where confidentiality requirements differ across projects. You maintain full control without compromising collaboration.

AI-powered features with full data control

Tractivity provides a suite of secure, purpose-built AI tools designed to enhance stakeholder engagement. Our AI Sentiment Analysis automatically evaluates the tone of stakeholder interactions, whilst AI Summarise generates concise, accurate summaries of engagement records.

All AI capabilities are fully configured, managed, and secured by our team within our Microsoft Azure environment. When AI features are enabled, with your explicit consent, only the content entered into designated AI fields is securely transmitted to Azure OpenAI for processing.

Your data is never used for model training or fine-tuning. Azure OpenAI acts solely as a data processor on Tractivity’s behalf, ensuring full control, confidentiality, and compliance at all times.

Security is built into every feature. Explore what Tractivity can do for your team.

Designed with accessibility in mind

The Tractivity interface meets WCAG 2.2 Level A accessibility standards and is fully mobile-responsive, ensuring users can access and update information from any device with an internet connection. This supports field teams, remote workers, and on-the-go engagement without compromising usability or security.

Accessibility is a statutory requirement for many public sector organisations, including government departments, the NHS, and local authorities. Tractivity is actively working towards WCAG 2.2 Level AA compliance, on track for release in 2026.

Available in English, with full Irish language support

Tractivity is available in English and fully supports communication in Irish. For organisations operating under the Irish Language Acts or Gaeilge communication requirements, please speak to our team about language localisation options.

Users can personalise their experience through account-level localisation settings, ensuring the platform adapts to your team’s communications needs.

Built for EU GDPR compliance

Tractivity helps you manage stakeholder subscription preferences with confidence, fully aligned with the EU General Data Protection Regulation as supervised by Ireland's Data Protection Commission (DPC). All opt-ins and unsubscribes are tracked automatically, and built-in restrictions ensure you only communicate with stakeholders who have consented to that line of communication.

Data entered into Tractivity is owned by you. Your data is encrypted both in transit and at rest, and comprehensive access controls ensure it remains confidential at every level.

For organisations requiring custom integrations, Tractivity provides a fully documented API, enabling secure data exchange with external systems under your control.

Regular updates

Tractivity systems are upgraded on a regular basis, informed by customer feedback and developments from our expert team. Major feature releases happen every three to four months, with security patches and smaller updates deployed in between to ensure your system remains protected against emerging threats.

All releases are completed outside of working hours, typically after 7pm, and clients are always informed in advance of any scheduled maintenance.

Data security frequently asked questions (FAQ)

Where is my stakeholder data stored?

For Irish organisations and those subject to EU GDPR, EEA hosting is available as standard - keeping your data within the European Economic Area and under the jurisdiction of Ireland's Data Protection Commission. Wherever your data is hosted, it benefits from the same enterprise-grade security controls and 24/7/365 monitoring.

What security accreditations does Tractivity hold? Tractivity holds ISO 27001:2022 and Cyber Essentials Plus accreditations — both internationally recognised standards used by Irish public sector evaluators. We are hosted on Microsoft Azure (SOC 2 compliant) and approved on the UK Government's G-Cloud framework, an independently benchmarked procurement standard.

Who can access my data within Tractivity? Role-based permissions give administrators complete control over data access. Permissions can be configured at multiple levels, from specific projects and modules right down to individual records. This supports organisations working with third-party contractors, multi-agency partnerships, or cross-departmental teams where confidentiality requirements differ.

How does Tractivity handle AI and my data?

All AI features run within Tractivity's Microsoft Azure environment. When enabled, with your explicit consent, only content entered into designated AI fields is processed by Azure OpenAI. Your data is never used for model training or fine-tuning. Azure OpenAI acts solely as a data processor on Tractivity's behalf.

Is Tractivity GDPR compliant?

Yes. Tractivity is fully compliant with the EU General Data Protection Regulation (EU GDPR), as supervised by Ireland's Data Protection Commission (DPC). All opt-ins and unsubscribes are tracked automatically, and built-in restrictions ensure you only communicate with stakeholders who have consented. Data entered into Tractivity is owned by you, encrypted both in transit and at rest, and protected by comprehensive access controls.

Is Tractivity suitable for Irish planning and public consultation requirements?

Yes. Tractivity can be used by organisations managing statutory consultation obligations under Irish planning legislation, including requirements linked to An Bord Pleanála processes and Environmental Impact Assessment (EIA) procedures. Our platform provides a complete, auditable record of every stakeholder interaction, submission, and community response, ensuring consultation evidence is traceable, secure, and compliant with the Planning and Development Act 2024. For large-scale infrastructure projects, utilities, and local authorities managing public participation requirements, Tractivity supports the full engagement lifecycle from initial notification through to response management and reporting.

What happens if something goes wrong?

Tractivity has a fully documented Business Continuity and Disaster Recovery plan, tested regularly. Data is backed up daily, encrypted, and stored in the Microsoft Azure infrastructure. Backups are verified and tested frequently with file integrity checks and manual restores.