Your data is secure with Volemic.

SECURITY AND DATA PROTECTION OVERVIEW

Security starts with dependability.

We know your emails and data are mission critical.  That’s why we build systems that remain dependable in the face of malice, mischance and mistake. 

Compliance

Volemic meets EU and industry standard compliance.

Infrastructure

Volemic uses best practices and best in class infrastructure.

People

Volemic vets and trains every employee.

Development

Volemic builds with security engineering as the #1 priority.

COMPLIANCE

We comply with global data protection and security frameworks, including GDPR and CCPA.

Cyber Essentials Plus

Cyber Essentials Plus Certified

We are certified as compliant with Cyber Essentials Plus, the UK Government backed scheme that protects organisations against cyber attacks and requires a hands-on technical verification.  We comply with industry best practice standards for information security management systems.

GDPR Compliance

We comply with GDPR as a data processor, and manage the transfer of data via Standard Contractual Clauses.

CCPA Compliance

We ensure our policies, processes and controls comply with CCPA requirements.

Data Residency

We offer the choice of hosting your data in the UK, EU or the US.

INFRASTRUCTURE

We are designed and built to secure your most sensitive data.

Secure Infrastructure Provider

We host all of our data in physically secure Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance, and more.  AWS offers 210 security, compliance, and governance services and key features which is about 40 more than the next largest cloud provider. 

Data Encryption 

All data sent to and from Volemic is encrypted using TLS, and all customer data is encrypted using AES-256.

Data Redundancy and Resiliency

Our infrastructure has been designed to be fault tolerant.  The application tier scales using load balancing technology that dynamically meets demand.

Strict Access Controls

Access to all our systems is managed through our Identity Provider which automates user provisioning, enforces two factor authentication and logs all activities.

Server Security and Monitoring

All servers are configured using best practice guidelines and images are managed centrally.  All changes to our infrastructure are tracked, and security events are logged.

PEOPLE

Everyone at Volemic is vetted thoroughly, given comprehensive security training, and held to the very highest ethical standards.

Security Policies and Incident Response Plan

We maintain comprehensive security policies which we keep up to date to reflect the dynamic security environment and provide to all employees.

Onboarding and Offboarding

Every new joiner must pass thorough background checks and attend legal and security training in addition to our annual InfoSec training programme.  Every leaver is offboarded in accordance with our security policies.

Continuing Professional Development 

Our Security Team provides continuing professional development to all employees on the risks of misdirected emails, phishing attacks, emerging security threats and changes to international security best practices.  

Office Security

Our formal office security program manages all aspects of physical security including personnel access to our premises and access by visitors.

DEVELOPMENT

As a cybersecurity company, our team of software engineers and data scientists have security in their DNA.

Secure Infrastructure Provider

We host all of our data in physically secure Amazon Web Services (AWS) facilities that include 24/7 on-site security, camera surveillance, and more.  AWS offers 210 security, compliance, and governance services and key features which is about 40 more than the next largest cloud provider. 

Data Encryption 

All data sent to and from Volemic is encrypted using TLS, and all customer data is encrypted using AES-256.

Data Redundancy and Resiliency

Our infrastructure has been designed to be fault tolerant.  The application tier scales using load balancing technology that dynamically meets demand.

Strict Access Controls

Access to all our systems is managed through our Identity Provider which automates user provisioning, enforces two factor authentication and logs all activities.

Server Security and Monitoring

All servers are configured using best practice guidelines and images are managed centrally.  All changes to our infrastructure are tracked, and security events are logged.

See Volemic in action.

Learn how Volemic can help you manage human risks with a platform loved by employees and other insiders, so you can do more and worry less.