Security, privacy and compliance at the core of Hala Campus.
Institutions trust Hala Campus with sensitive academic, financial and personal information. Here is how we protect it—covering certification, controls, responsible AI and how we support you day-to-day.

Independent standards. Documented practices.
Hala Campus is certified to ISO/IEC 27001 and has HIPAA compliance documentation, including an independent HIPAA compliance assessment.
ISO/IEC 27001
Certified information security management
ISO/IEC 27001 is the leading international standard for managing information security. Our certification confirms that Hala Campus operates a documented information security management system covering policies, risk management, access control, incident response and continual improvement.
HIPAA
HIPAA compliant
Hala Campus maintains HIPAA compliance documentation and has been assessed for HIPAA compliance. HIPAA does not have an official certification body—so we describe our posture as HIPAA compliant, supported by our documentation and independent assessment.
Nine principles that guide how we protect your institution.
Every layer of Hala Campus—from database to mobile app—is built around the same set of security and privacy principles.
Encryption in transit and at rest
Institutional data is protected with modern encryption standards as it moves between users, devices and Hala Campus services, and while it is stored.
Role-based access control
Every user only sees information relevant to their responsibilities. Institutions configure roles, permissions and data visibility centrally.
Strong authentication
Password policies, session controls and multi-factor authentication options are available across web and mobile applications.
One central, controlled database
A single institutional record avoids duplicate systems and reduces the surface area where sensitive data could be inconsistently protected.
Auditability and visibility
Administrative activity is logged so institutions can review who accessed or changed sensitive information.
Backups and recovery
Regular backups and recovery procedures help institutions restore critical information in the event of an incident.
Secure cloud infrastructure
Hala Campus is hosted on monitored, continuously maintained cloud infrastructure with hardening applied at the platform layer.
Incident response
Documented incident response procedures cover detection, containment, communication and remediation, in line with our ISO/IEC 27001 programme.
Responsible AI and human review
AI features are subject to institutional permissions and human review. Institutions choose which AI capabilities are enabled and for whom.
Data handling
Your institution owns its data. We help you protect it.
Hala Campus processes institutional data on your behalf and only for the purposes agreed with you. Institutions configure who can access what, and administrative actions on sensitive records are logged for auditability.
- Institution retains ownership of all data entered into Hala Campus.
- Data is segregated per institution with role-based access controls.
- Personal information is handled in line with applicable privacy laws and our published Privacy Policy.
- Backups and recovery procedures support business continuity.
Common security & compliance questions.
Is Hala Campus certified to any information security standard?
Yes. Hala Campus is certified to ISO/IEC 27001, the international standard for information security management systems. Our controls, policies and processes are aligned with this framework and reviewed on an ongoing basis.
Is Hala Campus HIPAA compliant?
Yes. Hala Campus has HIPAA compliance documentation and has been assessed for HIPAA compliance. Note that HIPAA does not have an official certification—we describe our posture as HIPAA compliant, supported by our compliance documentation and independent assessment.
Who owns institutional data?
The institution owns its data. Hala Campus processes it to deliver the platform, in line with the agreement in place with the institution and applicable privacy laws.
How is access to sensitive information controlled?
Access is governed by role-based permissions configured by the institution. Users only see the modules and records their role requires. Administrative changes are logged for review.
How does Hala Campus handle AI features?
AI capabilities are optional and controlled by the institution. They operate on data the user is already authorised to see, and remain subject to human review.
How can I report a security concern?
Please contact our team via the security enquiries option on the Contact page and mark the message as a security matter. We will route it to the appropriate team.
Ready to connect your entire institution?
See how Hala Campus can simplify operations, improve visibility and create a better experience for management, staff, students and families.