All Atticus services and data are hosted with industry-leading cloud hosting provider Amazon Web Services (AWS). AWS leverages years of experience designing and operating data centres to provide secure and reliable cloud infrastructure at any scale.

Atticus operates isolated environments in jurisdictions around the world to ensure customer data is protected by any required laws and governance structures.

SAML-based Single Sign-on (SSO) enables customers to authenticate with their central identity-provider when they log in to Atticus. This allows organisations to maintain complete control of their users’ access to Atticus and ensures timely removal of access when someone leaves or changes roles.

All customer data in Atticus is encrypted in transit over public networks using TLS 1.2+ and AES-256 algorithms whenever supported by clients. Data at rest is encrypted on volumes and services that support AES-256 encryption.

Customers can schedule their data for permanent deletion from within the Atticus application at any time. A short time after this is done, data is irrevocably deleted from the platform. AWS is responsible for ensuring secure disposal of all physical volumes used to store data.

Atticus has developed a secure application development and testing approach based on industry standards that have been incorporated into an agile workflow. Our continuous deployment strategy is underpinned by a suite of automated tests and vulnerability scans. All changes are subject to a mandatory peer review process.

Atticus environments are continuously monitored for issues and suspicious activity by threat/intrusion detection systems. All alerts are triaged by the dedicated security team to ensure issues don’t become incidents.

Atticus utilizes security tools and public disclosure databases to continuously scan for vulnerabilities. Our security team responds to issues raised. We engage external CREST-certified security experts to perform detailed penetration tests on the Atticus application annually.

Atticus has developed a comprehensive set of security policies and procedures to identify, manage, and mitigate information security risk across the organisation. All personnel are vetted prior to employment, are subject to strict confidentiality agreements, and undergo regular information security awareness training.