Legal

Security

Last updated: May 2026

At Future Decisions Ltd, security is central to how we operate, deliver services and protect the systems, data and environments we work with. We support clients in areas where reliability, confidentiality and operational resilience matter — including building systems, digital twin platforms, cloud services, data analytics and AI-assisted building performance solutions. Security is built into our approach from the start. We treat it as a core business responsibility, not an afterthought.

Cyber Essentials CertifiedCyber Essentials Plus Certified

Cyber Essentials and Cyber Essentials Plus

Future Decisions Ltd is Cyber Essentials and Cyber Essentials Plus certified.

These certifications demonstrate that we have implemented recognised cyber security controls designed to protect against common online threats.

Cyber Essentials Plus includes independent technical testing of security controls, giving clients additional confidence that our security approach is not simply policy-based, but actively verified.

Strong Authentication and Hardware Security Keys

Future Decisions Ltd uses strong authentication practices to protect access to systems, platforms and administrative services.

Where appropriate, we use multi-factor authentication, including hardware security keys such as YubiKeys, to provide stronger protection than passwords alone.

Hardware security keys help protect against phishing, credential theft, password reuse and unauthorised account access by requiring possession of a physical security device as part of the login process.

This is particularly important for:

  • Administrative accounts
  • Cloud platform access
  • Security-sensitive systems
  • Source code and deployment platforms
  • Client delivery systems
  • Privileged operational accounts

Our objective is to reduce reliance on passwords and strengthen access control around systems that matter.

PKI and Certificate-Based Security

Future Decisions Ltd uses Public Key Infrastructure, certificate-based security and cryptographic identity controls where appropriate.

PKI supports trusted identity, secure communications and controlled access between users, systems, services and devices.

This may include:

  • Certificate-based authentication
  • TLS certificates for encrypted web services
  • Secure service-to-service communication
  • Controlled issuing and renewal of certificates
  • Use of trusted certificate authorities
  • Management of private keys and certificates
  • Secure access between cloud services and applications
  • Segregation between trusted and untrusted environments

PKI helps ensure that systems can prove their identity, communicate securely and reduce dependence on weaker authentication methods.

Encryption and Secure Communications

Future Decisions Ltd uses encryption to protect information in transit and, where appropriate, at rest.

For web-facing services and secure communications, we use modern encrypted protocols, secure certificates and strong cryptographic configurations.

This includes:

  • HTTPS for web services
  • TLS-protected communications
  • Certificate-based trust
  • Encrypted administrative access
  • Encrypted service-to-service communication where appropriate
  • Protection of sensitive traffic between systems
  • Secure handling of credentials, secrets and access tokens
  • Encryption of data during transmission, storage and processing where appropriate

Our objective is to protect sensitive information, operational data and client-related information throughout collection, transmission, storage and processing.

TLS Configuration

Transport Layer Security is an important part of protecting data as it moves between users, systems and services.

Where Future Decisions Ltd controls the relevant infrastructure, we use modern TLS configurations and do not use deprecated protocols such as TLS 1.0 or TLS 1.1.

Our TLS approach includes:

  • Use of TLS 1.3 where supported
  • Use of TLS 1.2 as the minimum accepted standard where TLS 1.3 is not available
  • No use of TLS 1.0 or TLS 1.1
  • No use of obsolete SSL protocols
  • Use of trusted certificates
  • Use of strong cipher suites
  • Certificate lifecycle management, including renewal and review
  • Encrypted access to web, administrative and service endpoints
  • Review of TLS configuration as standards and security expectations evolve

This helps protect information in transit and reduces exposure to outdated or weakened cryptographic protocols.

Encryption at Rest

Where appropriate, Future Decisions Ltd uses encryption at rest to protect stored information.

This may include encryption of:

  • Databases
  • File storage
  • Backups
  • Logs
  • Configuration data
  • Cloud storage
  • Application data
  • Operational datasets

Encryption at rest helps reduce risk if storage media, backups or cloud resources are accessed without authorisation.

Key Management

Encryption is only as strong as the protection of the keys behind it.

Future Decisions Ltd applies sensible key management practices where appropriate, including controlled access to encryption keys, separation of duties, restricted administrative access and careful handling of secrets.

Our key management approach may include:

  • Controlled access to encryption keys
  • Separation between users, applications and administrative roles
  • Secure storage of secrets
  • Avoidance of hard-coded credentials
  • Use of managed key services where appropriate
  • Rotation and review of keys where required
  • Audit awareness around key usage
  • Protection of private keys and certificates
  • Removal of unused or unnecessary credentials

Cloud Security and AWS

Where Future Decisions Ltd uses Amazon Web Services, we build on AWS's secure global cloud infrastructure and apply our own security controls on top.

AWS provides a strong foundation for secure hosting, resilience, monitoring, encryption, identity management, access control and compliance-focused cloud services.

Future Decisions Ltd remains responsible for how its own applications, data, permissions, configurations and services are managed within AWS.

Our approach combines AWS infrastructure security with Future Decisions' own application, data and operational security controls.

This may include:

  • Secure cloud architecture
  • Encrypted storage
  • TLS-secured access
  • Identity and access management
  • Least-privilege permissions
  • Multi-factor authentication
  • Logging and monitoring
  • Secure backup configuration
  • Network segmentation
  • Restricted administrative access
  • Review of exposed services
  • Secure deployment practices

Access Control

Access to systems is controlled and limited to authorised users.

We follow the principle of least privilege, meaning users are only given the access needed for their role or task.

Where appropriate, we use:

  • Role-based access controls
  • Multi-factor authentication
  • Hardware-backed authentication
  • Administrative access restrictions
  • Secure credential management
  • Segregated accounts for privileged access
  • Controlled onboarding and offboarding
  • Review of access permissions

This reduces the risk of unauthorised access and limits the impact of compromised credentials.

Monitoring, Maintenance and Updates

Security is maintained through active operational discipline.

We use reasonable monitoring, maintenance, patching and review processes to reduce exposure to known risks.

This includes:

  • Security updates
  • System hardening
  • Log review where appropriate
  • Vulnerability awareness
  • Secure configuration
  • Backup and recovery planning
  • Review of security-relevant events
  • Supplier and third-party service awareness
  • Periodic review of exposed services
  • Review of certificates, access controls and cloud configuration

Security is not a one-time activity. We continue to review and improve our controls as threats, technologies and client requirements evolve.

Building Systems and Operational Technology

Future Decisions Ltd understands that building systems and operational technology require particular care.

Where we work with building management systems, meters, sensors, controllers, gateways, digital twin platforms or AI augmentation services, we aim to design integrations in a controlled and secure manner.

This may include:

  • Network separation
  • Read-only access where appropriate
  • Controlled data exchange
  • Encrypted communications
  • Segregated interfaces
  • Secure cloud connectivity
  • Limited and auditable access
  • Careful management of any connection between building systems and cloud services

Our objective is to improve visibility, performance and intelligence without introducing unnecessary operational risk.

Data Protection and Confidentiality

Future Decisions Ltd handles data carefully and in accordance with applicable data protection requirements.

We take steps to protect personal, operational and client information from unauthorised access, misuse, loss or disclosure.

Information is only used for legitimate business, technical, service delivery or legal purposes.

Further information is available in our Privacy Policy.

Resilience and Continuity

We use reasonable measures to support system resilience and continuity.

This may include secure hosting, backups, recovery planning, monitoring, controlled access and the use of reliable cloud infrastructure where appropriate.

We design systems with the aim of reducing avoidable downtime, protecting data and supporting continued service availability.

Your Responsibility

You are responsible for using appropriate security protection, including anti-virus software, firewalls, backups and safe browsing practices.

You are also responsible for ensuring that any information, credentials or access details provided to Future Decisions Ltd are accurate, authorised and securely handled by you.

Reporting a Security Concern

If you believe you have identified a security issue relating to Future Decisions Ltd, our website or our services, please contact us promptly.

Email: info@futuredecisions.net Website: www.futuredecisions.ai

Please provide enough information for us to understand and review the issue.

We ask that security concerns are reported responsibly and that no attempt is made to access, modify, delete, disrupt or misuse any system or data.