Delivered a multi-tenant vulnerability management platform for a UK cybersecurity firm

A Manchester-based independent cybersecurity consultancy providing managed security services to startups, digital agencies, SMEs, and multinational corporates. Their service model connects a global admin team, managed service providers, and end clients — each needing separate visibility into vulnerability data.

Before Classic Informatics, there was no governed platform to centralise vulnerability tracking, penetration testing, and security reporting across the full client network.

• No centralised platform to manage vulnerability and penetration testing data across MSP tenants and end clients
• Each client's security data existed in isolation with no structured dashboard or reporting layer
• Vulnerability scan results stored in AWS S3 with no application layer to surface, filter, or act on them
• No self-service mechanism for clients to track vulnerabilities, request penetration tests, or download reports
• No audit trail or compliance logging across security actions taken on the platform

1. Designed for three distinct user tiers

The platform needed to serve Global Admins, MSP Admins, and end clients — each with different data scope and permissions. We built a three-portal architecture with strict tenant isolation so no user ever sees data outside their boundary.

2. Integrated with existing infrastructure 

AWS scanning infrastructure was managed by the client's DevOps team. We designed CYBER365 to sit cleanly on top — ingesting scan data from S3 buckets and surfacing it through a governed interface without touching the scanning layer.

3. Made governance non-negotiable from the start

MFA, SSO, role-based access control, and full audit logging were built in from day one — not added later. Every action on the platform is timestamped, attributed, and logged for compliance reporting.

4. Delivered in a fixed five-month window

The engagement was scoped at five months from requirements to go-live. We structured delivery across foundation, feature build, UI development, integration, and UAT phases — with sprint-end demos throughout.

Multi-Tenant Platform

• Three-portal architecture: Global Admin (CSS), MSP Admin, and Client portals
• Tenant isolation — each MSP and client operates within a fully separated data environment
• Role-based access control with MFA and SSO via Azure/Microsoft 365
• Full audit log capturing all significant platform actions with timestamp and user attribution

Vulnerability Management

• Automated vulnerability scan data import from AWS S3 buckets — scheduled and manual
• Asset-based vulnerability dashboard with filtering by type, severity, and date range
• Export functionality for vulnerability reports in CSV and PDF formats
• Auto-close logic for vulnerabilities resolved in recurring scans

Penetration Testing Module

• Client-facing Request a Quote form for on-demand penetration test requests
• Global Admin scheduling interface for arranging tests on request approval
• Results upload in predefined JSON format with findings, threat descriptions, and remediation steps

Reporting & Configuration

• Monthly management reports auto-generated per client tenant
• Customisable reports with filters for vulnerability type, severity, and date range
• Scanner configuration interface for managing API connectors to Qualys, WPScan, and others
• AWS Parameter Store integration for secure credential and configuration management

Classic Informatics delivered a governed, multi-tenant SaaS platform giving the client's security team and their MSP network a single environment to manage vulnerability data, penetration testing, and compliance reporting — replacing a fragmented, tool-dependent process with no central visibility.

Business Impact

• Centralised vulnerability and penetration testing data across all MSP tenants and clients
• Clients gained self-service access to their own security status for the first time
• Automated scan data ingestion eliminated manual data handling between AWS and the team
• Full audit trail positioned the platform for compliance reporting from day one
• Scalable multi-tenant architecture designed to grow with the MSP network without re-platforming