Security at Atticus

Atticus is trusted by the world's largest corporates, law firms, and major banks with their most sensitive data. Keeping this data secure is our first priority. We continuously adapt our security program to ensure it aligns with industry standards and best practice.

Physical security
All Atticus services and data are hosted with industry-leading cloud hosting provider Amazon Web Services (AWS). AWS leverages years of experience designing and operating data centres to provide secure and reliable cloud infrastructure at any scale.
Data sovereignty/residency
Atticus operates isolated environments in jurisdictions around the world to ensure customer data is protected by any required laws and governance structures.
Single Sign-On
SAML-based Single Sign-on (SSO) enables customers to authenticate with their central identity-provider when they log in to Attlicus. This allows organisations to maintain complete control of their users’ access to Atticus and ensures timely removal of access when someone leaves or changes roles.
Encryption
All customer data in Atticus is encrypted in transit over public networks using TLS 1.2+ and AES-256 algorithms whenever supported by clients. Data at rest is encrypted on volumes and services that support AES-256 encryption.
Data retention and disposal
Customers can schedule their data for permanent deletion from within the Atticus application at any time. A short time after this is done, data is irrevocably deleted from the platform. AWS is responsible for ensuring secure disposal of all physical volumes used to store data.
Secure development
Atticus has developed a secure application development and testing approach based on industry standards that have been incorporated into an agile workflow. Our continuous deployment strategy is underpinned by a suite of automated tests and vulnerability scans. All changes are subject to a mandatory peer review process.
System monitoring and alerting
Atticus environments are continuously monitored for issues and suspicious activity by threat/intrusion detection systems. All alerts are triaged by the dedicated security team to ensure issues don’t become incidents.
Penetration & vulnerability testing
Atticus utilizes security tools and public disclosure databases to continuously scan for vulnerabilities. Our security team responds to issues raised. We engage external CREST-certified security experts to perform detailed penetration tests on the Atticus application annually.
Organisational Security
Atticus has developed a comprehensive set of security policies and procedures to identify, manage, and mitigate information security risk across the organisation. All personnel are vetted prior to employment, are subject to strict confidentiality agreements, and undergo regular information security awareness training.

Got a Question

Thank you! We will be in touch very soon.
Oops! Something went wrong. Please try again.
Quote marks for an Atticus case study
With Atticus, verification no longer needs to be the most painful part of the disclosure process