Security

The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously. We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.

Partnering with Microsoft

Microsoft is a trusted partner for Auror, and we use its services to protect and manage data in accordance with all applicable regulations. We do not hold any personal data at our office facilities. The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers.

These data centers utilise industry-leading security policies and standards and are SOC 1/SSAE 16/ISAE 3402, SOC 2, and ISO 27001/27002/27018 compliant. Each Azure facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These data centers comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.

Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defence and reduce risks.

Further details about Microsoft Azure are available on Microsoft’s own Trust Center.

Auror is a Microsoft Partner

We have best-in-class capability in security

Microsoft Certification

Encryption

All information in transit to and from Auror is encrypted using SSL 256-bit encryption. The Auror platform can only be accessed using a secure channel where the data traffic is encrypted using a SHA-2 certificate (256-bit encryption). Transport Layer Security (TLS/SSL) is used to protect the transfer of information and data to our servers. All personal information is also encrypted at rest within our databases. At the application level, security features have been embedded into our code base to prevent attacks such as SQL injection and cross-site scripting. Microsoft actively monitors for intrusion attempts against our servers.

Enterprise Controls

Levels of access rights and user-based roles determine what information a user can access, edit, and delete.

Single sign-on user access is available for additional security, and for provisioning and deactivating users.

Our Trusted Parties Sharing Framework puts the Organization in control of what third parties it shares information with in a secure way.

User Auditing

All user activities on our sites are monitored and audited, meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was an attack or misuse by a user, the user can be identified and deactivated by Auror.

Third Party Testing

Auror employs independent third parties to regularly test and affirm the integrity of our security systems. Testing includes network and application-level penetration testing as both an anonymous user and an authenticated user under the context of several sets of valid credentials.

Detection and Analysis

Application, infrastructure, and security logs are consolidated and archived for a period of at least three years. Suspicious activity is inferred from these logs (using a combination of hand-built and machine learning alert rules) and sent to our engineering team in real time.

Vulnerability & Threat Management

Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, distributed denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defense and reduce risks.

Automatic checks in our software development lifecycle identify security vulnerabilities in our third-party libraries and frameworks. These issues are patched promptly when an update is made available.

"We’re continually working on new things but our most important feature always has been and always will be security. Security is the bedrock upon which all our other features matter, and that’s reflected in the way we build, test, and deploy our software."

Rob Fonseca-Ensor
VP Engineering, Auror

Frequently asked questions

Where is the data hosted?

The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers. Each geography utilizes a local instance to adhere to relevant security and privacy guidelines. This includes the following data center locations:

North American (US & Canada) Platform: Microsoft Azure USA
Australian Platform: Microsoft Azure Australia
New Zealand Platform: Microsoft Azure Australia
UK Platform: Microsoft Azure UK
RoW Platform: Microsoft Azure USA

Is the data encrypted?

Yes - information is encrypted in transit and at rest.

All data is encrypted and decrypted using 256-bit AES encryption. Data at rest is encrypted in SQL Server using Transparent Data Encryption (TDE), which performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest. All information in transit to and from the Platform is encrypted using SSL 256-bit encryption and protected with Transport Layer Security (TLS/SSL).

Does Auror keep track of user activity on the platform?

All user activities on our sites are monitored and can be audited, meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was misuse by a user, the user can be identified and deactivated.

What happens if there is a security incident or data breach?

Our Incident Response Process details a clear process for handling incidents, and contains clear escalation paths to senior and executive staff members. If incidents occur, the findings are used to improve processes and systems throughout the organization.

Auror also has processes in place to respond to and manage any data breaches. In the unlikely event of a data breach, Auror will promptly notify the affected customer(s) and any regulators (if required).

Do you have additional information on your security practices?

Yes - we can provide in-depth information on the Platform Security as part of the customer due diligence process. Please get in touch.

Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.

Enterprise Controls

  • Levels of access rights and user control determine what information a user can access, edit, and delete.
  • Single sign-on user access available.
  • Third Party Sharing Framework.

Keeping your information safe

Auror is a Software as a Service (‘SaaS’) platform, accessed via a secure web portal. Auror processes personal data uploaded to the Platform on behalf of the customer and does not sell, license, or share customer data to any other third party without the customer’s permission. For this reason, Auror is regarded as the data processor and the customer owns the data (data controller). This does mean that customers must ensure that they have a lawful basis to collect and process personal data relating to criminal events and offences, and that their use of the platform complies with any local laws. Retailers already collect this information through their CCTV systems and existing incident reporting processes. However, this information is often collected, stored, and used poorly, without proper storage or security. We often see social media platforms and messaging services, such as WhatsApp and Facebook, used by stores to share information and images between them. Auror provides a safe and secure way of managing this information across your organisation with enterprise control of your data.