Accessibility, compliance & security

Read time: 2 minutes | Learn more about Gecko's work to ensure compliance in various categories.

Jonny Richardson avatar
Written by Jonny Richardson
Updated over a week ago

Gecko invests a great deal of time in ensuring it meets the rigorous security, compliance, and accessibility standards expected of a market-leading Higher Education based SaaS solution.

πŸ’‘ For further information about any of the information listed below, including access to reports where applicable, kindly contact your Gecko account manager or email

Privacy & Security

Gecko is both ISO 27001 and SOC 2 Type 2 accredited.

Gecko undergoes regular third-party Penetration Testing to uncover potential vulnerabilities and insecure functionality. Testing is conducted via a CREST-approved & ISO 27001-certified contractor. This helps us identify all security risks, including the OWASP Top 10, and check our APIs against rigorous tests and attacks.


Gecko regularly commissions a specialized external agency to conduct VPAT audits on all the public elements of our products. This helps ensure that Gecko remains WCAG 2.1, Section 508 / ADA, and EU Accessibility Directive / UK Accessibility Regulation compliant.


Gecko undergoes regular testing under the HECVAT framework.

Any questions? Start a live chat with a support team member, or feel free to explore the rest of our academy. Spotted an error or want to suggest a future article for the academy? Let us know here.

Did this answer your question?