Security
The security of data is critical to the success of our business and we know that it is important for our customers. So you can be assured we take security extremely seriously. We. We make security a priority in our business practices and throughout the development process, maintaining effective controls over the security, availability, confidentiality and processing integrity of the platform. This creates a highly secure platform that allows our customers and partners to access information in a safe and secure way.
Partnering with Microsoft
Microsoft is a trusted partner for Auror, and we use its services to protect and manage data in accordance with all applicable regulations. We do not hold any personal data at our office facilities. The Auror Platform is fully hosted by Microsoft Azure in its world-class and secure data centers.
These data centers utilise industry leading security policies and standards and are SOC 1/SSAE 16/ISAE 3402, SOC 2, and ISO 27001/27002/27018 compliant. Each Azure facility is designed to run 24x7x365 and employs various measures to help protect operations from power failure, physical intrusion, and network outages. These data centres comply with industry standards (such as ISO 27001) for physical security and availability. They are managed, monitored, and administered by Microsoft operations personnel.
Microsoft anti-malware protects Azure services and virtual machines. Microsoft also uses intrusion detection, denial-of-service (DDoS) attack prevention, penetration testing, data analytics, and machine learning to constantly strengthen its defence and reduce risks.
Further details about Microsoft Azure are available on Microsoft’s own Trust Centre.
Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.
Encryption
All information in transit to and from Auror is currently encrypted using SSL 256-bit encryption. The Auror platform can only be accessed using a secure channel where the data traffic is encrypted using a SHA-2 certificate (256-bit encryption). Transport Layer Security (TLS/SSL) is used to protect the transfer of information and data to our servers. All personal information is also encrypted at rest within our databases. At the application level, security features have been embedded into our code-base, such as SQL injection and Cross-site scripting, to prevent attacks. Microsoft actively monitors for intrusion attempts against our servers.
Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.
Enterprise Controls
- Levels of access rights and user control determines what information a user can access, edit, and delete.
- Single sign-on user access available.
- Third Party Sharing Framework.
Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.
User Auditing
All user activities on our sites are monitored and audited meaning that any action performed by a user can be tracked (and changes reverted if needed). If there was an attack or misuse from a user, the user can be identified and deactivated by Auror.
Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.
Third Party Testing
Auror employs independent third parties to regularly test and affirm the integrity of our security systems. Testing includes network and application-level penetration testing as both an anonymous and as an authenticated user under the context of several sets of valid credentials.
Data minimisation
Ensure that the platform limits the personal information customers can upload and retain to that which is necessary for the Platform's purposes.
Keeping your information safe
Auror is a Software as a Service (‘SaaS’) platform, accessed via a secure web portal. Auror processes personal data uploaded to the Platform on behalf of the customer and does not sell, license, or share customer data, to any other third-party, without the customer’s permission. For this reason, Auror is regarded as the data processor and the customer owns the data (data controller).This does mean that customers must ensure that they have a lawful basis to collect and process personal data relating to criminal events and offences, and that their use of the platform complies with any local laws. Retailers already collect this information through their CCTV systems and existing incident reporting processes. However, the collection, storage, and use of this information is often poorly undertaken and without proper storage, security, or use of it. We often see social media platforms and messaging services, such as Whatsapp and Facebook, used by stores to share information and images between them. Auror provides a safe and secure way of managing this information across your organisation with enterprise control of your data.