Hala Campus
Trust Center

Security, privacy and compliance at the core of Hala Campus.

Institutions trust Hala Campus with sensitive academic, financial and personal information. Here is how we protect it—covering certification, controls, responsible AI and how we support you day-to-day.

ISO/IEC 27001 CertifiedHIPAA CompliantRole-based Access & EncryptionSecure Cloud Hosting
Certified
ISO/IEC 27001
Compliant
HIPAA
Hala Campus mascot
Certifications & compliance

Independent standards. Documented practices.

Hala Campus is certified to ISO/IEC 27001 and has HIPAA compliance documentation, including an independent HIPAA compliance assessment.

ISO/IEC 27001

Certified information security management

ISO/IEC 27001 is the leading international standard for managing information security. Our certification confirms that Hala Campus operates a documented information security management system covering policies, risk management, access control, incident response and continual improvement.

HIPAA

HIPAA compliant

Hala Campus maintains HIPAA compliance documentation and has been assessed for HIPAA compliance. HIPAA does not have an official certification body—so we describe our posture as HIPAA compliant, supported by our documentation and independent assessment.

Security principles

Nine principles that guide how we protect your institution.

Every layer of Hala Campus—from database to mobile app—is built around the same set of security and privacy principles.

Encryption in transit and at rest

Institutional data is protected with modern encryption standards as it moves between users, devices and Hala Campus services, and while it is stored.

Role-based access control

Every user only sees information relevant to their responsibilities. Institutions configure roles, permissions and data visibility centrally.

Strong authentication

Password policies, session controls and multi-factor authentication options are available across web and mobile applications.

One central, controlled database

A single institutional record avoids duplicate systems and reduces the surface area where sensitive data could be inconsistently protected.

Auditability and visibility

Administrative activity is logged so institutions can review who accessed or changed sensitive information.

Backups and recovery

Regular backups and recovery procedures help institutions restore critical information in the event of an incident.

Secure cloud infrastructure

Hala Campus is hosted on monitored, continuously maintained cloud infrastructure with hardening applied at the platform layer.

Incident response

Documented incident response procedures cover detection, containment, communication and remediation, in line with our ISO/IEC 27001 programme.

Responsible AI and human review

AI features are subject to institutional permissions and human review. Institutions choose which AI capabilities are enabled and for whom.

Data handling

Your institution owns its data. We help you protect it.

Hala Campus processes institutional data on your behalf and only for the purposes agreed with you. Institutions configure who can access what, and administrative actions on sensitive records are logged for auditability.

  • Institution retains ownership of all data entered into Hala Campus.
  • Data is segregated per institution with role-based access controls.
  • Personal information is handled in line with applicable privacy laws and our published Privacy Policy.
  • Backups and recovery procedures support business continuity.
ISO/IEC 27001
Certified ISMS
HIPAA
Compliant
Encryption
In transit & at rest
Access
Role-based, audited
Frequently asked

Common security & compliance questions.

Is Hala Campus certified to any information security standard?

Yes. Hala Campus is certified to ISO/IEC 27001, the international standard for information security management systems. Our controls, policies and processes are aligned with this framework and reviewed on an ongoing basis.

Is Hala Campus HIPAA compliant?

Yes. Hala Campus has HIPAA compliance documentation and has been assessed for HIPAA compliance. Note that HIPAA does not have an official certification—we describe our posture as HIPAA compliant, supported by our compliance documentation and independent assessment.

Who owns institutional data?

The institution owns its data. Hala Campus processes it to deliver the platform, in line with the agreement in place with the institution and applicable privacy laws.

How is access to sensitive information controlled?

Access is governed by role-based permissions configured by the institution. Users only see the modules and records their role requires. Administrative changes are logged for review.

How does Hala Campus handle AI features?

AI capabilities are optional and controlled by the institution. They operate on data the user is already authorised to see, and remain subject to human review.

How can I report a security concern?

Please contact our team via the security enquiries option on the Contact page and mark the message as a security matter. We will route it to the appropriate team.

Ready when you are

Ready to connect your entire institution?

See how Hala Campus can simplify operations, improve visibility and create a better experience for management, staff, students and families.