Atticus offers best-practice security features across our entire stack.

ISO compliant

Atticus has achieved ISO/IEC 27001:2022 certification. This reflects our commitment to ensuring a premium and global standard of information security for our customers.

Physical security

All Atticus services and data are hosted with industry-leading cloud hosting provider Amazon Web Services (AWS). AWS leverages years of experience designing and operating data centres to provide secure and reliable cloud infrastructure at any scale.

Data sovereignty/residency

Atticus operates isolated environments in jurisdictions around the world to ensure customer data is protected by any required laws and governance structures.

Single sign-on

SAML-based Single sign-on (SSO) enables customers to authenticate with their central identity-provider when they log in to Atticus. This allows organisations to maintain complete control of their users’ access to Atticus and ensures timely removal of access when someone leaves or changes roles.


All customer data in Atticus is encrypted in transit over public networks using TLS 1.2+ and AES-256 algorithms whenever supported by clients. Data at rest is encrypted on volumes and services that support AES-256 encryption.

Data retention and disposal

Customers can schedule their data for permanent deletion from within the Atticus application at any time. A short time after this is done, data is irrevocably deleted from the platform. AWS is responsible for ensuring secure disposal of all physical volumes used to store data.

Secure development

Atticus has developed a secure application development and testing approach based on industry standards that have been incorporated into an agile workflow. Our continuous deployment strategy is underpinned by a suite of automated tests and vulnerability scans. All changes are subject to a mandatory peer review process.

System monitoring and alerting

Atticus environments are continuously monitored for issues and suspicious activity by threat/intrusion detection systems. All alerts are triaged by the dedicated security team to ensure issues don’t become incidents.

Penetration and vulnerability testing

Atticus utilises security tools and public disclosure databases to continuously scan for vulnerabilities. Our security team responds to issues raised. We engage external CREST-certified security experts to perform detailed penetration tests on the Atticus application annually.

Organisational security

Atticus has developed a comprehensive set of security policies and procedures to identify, manage, and mitigate information security risk across the organisation. All personnel are vetted prior to employment, are subject to strict confidentiality agreements, and undergo regular information security awareness training.

Vulnerability Disclosure


For concerns or reports regarding potential security vulnerabilities within our website or product, please reach out to [email protected]. Ensure your report provides a detailed concept demonstration, the set of instruments you employed (with their respective versions), and the generated output from these tools. We hold the security of our systems in high regard. Upon receiving any report, our team immediately examines the outlined vulnerabilities, ensuring appropriate measures are taken for rectification. As we address these issues, we’ll keep you updated at regular intervals.


If you need to share confidential details with us, use our PGP key, identified by the fingerprint:


0160 C616 92C9 B9A2 F5D9  889B 62A4 6DD7 6092 8A54