Security

Security Statement

Last updated: April 2026

Our Security Commitment

At Nexus MSP, security is not a feature — it is the foundation of everything we do. As a consultancy that specialises in helping organisations reduce their exposure to foreign-controlled technology, we hold ourselves to the same standards we recommend to our clients. All of our own infrastructure operates on European-owned, GDPR-compliant platforms with zero US jurisdiction exposure.

Infrastructure Security

European Hosting Only: Our website and email infrastructure is hosted exclusively by IONOS, a European provider. No data is processed or stored on US-controlled infrastructure.
SSL/TLS Encryption: All connections to nexus-msp.com are encrypted via SSL/TLS. We enforce HTTPS across all pages and subdomains via a wildcard SSL certificate.
Email Security: Our email infrastructure includes premium virus protection and anti-spam filtering, and is configured with SPF, DKIM, and DMARC records to prevent spoofing and phishing.
No US CLOUD Act Exposure: By operating exclusively on European infrastructure, Nexus MSP data cannot be compelled under the US CLOUD Act. This is a non-negotiable requirement of our own operations.
Access Controls: Access to our systems and client data is strictly controlled on a need-to-know basis, with strong password policies and multi-factor authentication enforced across all accounts.

Client Engagement Security

When working with clients we apply the following standards across all engagements:

  • All client data is handled under a Data Processing Agreement in line with UK GDPR requirements
  • Client credentials and sensitive information are never transmitted via unencrypted channels
  • We operate a strict clean desk and clear screen policy for all remote working environments
  • All subcontractors are required to meet equivalent security standards and sign appropriate confidentiality agreements
  • Migration activities are conducted using secure, encrypted channels with full audit trails

Vulnerability Disclosure

If you believe you have identified a security vulnerability in our website or systems, we encourage responsible disclosure. Please contact us directly at privacy@nexus-msp.co.uk with details of the issue. We commit to acknowledging your report within 48 hours and resolving confirmed vulnerabilities promptly.

We ask that you do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate.

Compliance

Our operations are designed to comply with:

  • UK General Data Protection Regulation (UK GDPR)
  • EU General Data Protection Regulation (EU GDPR) for European client engagements
  • The Network and Information Security (NIS2) Directive principles
  • UK Cyber Essentials framework principles

Contact

For any security-related questions or to report a concern, contact us at privacy@nexus-msp.co.uk.

Nexus eTech Ltd · Registered in England & Wales · nexus-msp.com