COMPLIANCE

We comply with global data protection and security frameworks, including GDPR and CCPA.

We are certified as compliant with Cyber Essentials Plus, the UK Government backed scheme that protects organisations against cyber attacks and requires a hands-on technical verification.  We comply with industry best practice standards for information security management systems.

We comply with GDPR as a data processor, and manage the transfer of data via Standard Contractual Clauses.

We ensure our policies, processes and controls comply with CCPA requirements.

We offer the choice of hosting your data in the UK, EU or the US.

INFRASTRUCTURE

We are designed and built to secure your most sensitive data.

We host all of our data in physically secure Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance, and more.  AWS offers 210 security, compliance, and governance services and key features which is about 40 more than the next largest cloud provider. 

All data sent to and from Volemic is encrypted using TLS, and all customer data is encrypted using AES-256.

Our infrastructure has been designed to be fault tolerant.  The application tier scales using load balancing technology that dynamically meets demand.

Access to all our systems is managed through our Identity Provider which automates user provisioning, enforces two factor authentication and logs all activities.

All servers are configured using best practice guidelines and images are managed centrally.  All changes to our infrastructure are tracked, and security events are logged.

PEOPLE

Everyone at Volemic is vetted thoroughly, given comprehensive security training, and held to the very highest ethical standards.

We maintain comprehensive security policies which we keep up to date to reflect the dynamic security environment and provide to all employees.

Every new joiner must pass thorough background checks and attend legal and security training in addition to our annual InfoSec training programme.  Every leaver is offboarded in accordance with our security policies.

Our Security Team provides continuing professional development to all employees on the risks of misdirected emails, phishing attacks, emerging security threats and changes to international security best practices.  

Our formal office security program manages all aspects of physical security including personnel access to our premises and access by visitors.

DEVELOPMENT

As a cybersecurity company, our team of software engineers and data scientists have security in their DNA.

We host all of our data in physically secure Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance, and more.  AWS offers 210 security, compliance, and governance services and key features which is about 40 more than the next largest cloud provider. 

All data sent to and from Volemic is encrypted using TLS, and all customer data is encrypted using AES-256.

Our infrastructure has been designed to be fault tolerant.  The application tier scales using load balancing technology that dynamically meets demand.

Access to all our systems is managed through our Identity Provider which automates user provisioning, enforces two factor authentication and logs all activities.

All servers are configured using best practice guidelines and images are managed centrally.  All changes to our infrastructure are tracked, and security events are logged.