What Information Security Standards do you follow?
Aura Vision’s Information Security Management System (ISMS) is built around the ISO 27001 framework. Privacy controls are aligned to UK GDPR and EU GDPR (verified by a legal opinion from Mishcon de Reya) and our operational practices match the controls expected of SOC 2-style audits.
What this covers
- Information security policy — documented and reviewed quarterly by leadership.
- Access control — least-privilege role-based access to all systems; SSO and MFA available for customer accounts.
- Change management — every code change reviewed and tested before deployment.
- Vendor risk — all third-party services assessed and contracted with appropriate data-processing terms.
- Incident response — documented procedures, on-call rota, and customer notification commitments.
- Penetration testing — annual external testing by an independent provider.
How it works
Information security isn’t a separate workstream; it’s built into how the platform is designed (privacy by design) and how the team operates (security by default). All staff complete information-security training as part of onboarding and annually thereafter.
Where to read more
- Security at Aura Vision — architecture, encryption, access control
- Product privacy — privacy by design
- Data Processing Addendum — formal DPA
- Are you ISO 27001 certified?