DeviceAtlas Security & Trust Centre

Trusted. Secure. Resilient.

DeviceAtlas places a high priority on security and resilience, designing and building services with robust governance and clear controls. This Trust Centre details the measures in place to safeguard customer data, ensure service reliability, and meet regulatory requirements.

Security Governance Framework

DeviceAtlas operates a formal Information Security Management System (ISMS) aligned with ISO/IEC 27001. The governance framework includes:

  • Documented security policies and board-level oversight.
  • Formal risk assessment and treatment processes.
  • Clearly defined security roles and responsibilities.
  • Ongoing internal audit and management reviews.
  • Continuous improvement of security controls.

Security risk is reviewed regularly and integrated into business and product decision-making.

Compliance & Regulatory Alignment

DeviceAtlas supports customers in over seventy countries, in diverse verticals including retail, content publishing, system integrators, mobile operators and government departments, as well as regulated environments such as financial services and medtech.

ISO/IEC 27001 & SOC Reporting

The DeviceAtlas security management framework aligns with ISO/IEC 27001 principles and controls, covering governance, asset management, access control, supplier security, incident management and business continuity.

To support customer assurance, DeviceAtlas utilizes independent third-party assessments. Where applicable and under NDA, the following are provided on request:

  • Independent penetration testing letter of attestation.
  • Security questionnaires, policies and evidence packs.

Digital Operational Resilience Act (DORA)

DeviceAtlas continually monitors and aligns its operational resilience practices with the EU Digital Operational Resilience Act (DORA). Our resilience controls support DORA principles, covering ICT risk management, incident response, and third-party risk oversight. DeviceAtlas also assists regulated customers in meeting their specific DORA compliance obligations.

Secure Product Development Lifecycle

Security is embedded throughout the development lifecycle through several key practices:

  • Secure architecture and threat modelling
  • Peer code review and controlled release processes
  • Dependency and vulnerability monitoring
  • Timely remediation of identified security issues
  • Change management and version control governance

Infrastructure & Hosting Resilience

DeviceAtlas leverages enterprise-grade cloud infrastructure to ensure availability and redundancy.

Multi-Zone Architecture: Production systems are deployed across multiple availability zones to reduce single points of failure.

Multi-Vendor Strategy: Where appropriate, a multi-vendor hosting strategy is employed to reduce concentration risk.

Operational Controls: These include role-based access control, multi-factor authentication for privileged access, and encryption of data in transit.

Data Protection & Privacy

DeviceAtlas is committed to protecting personal data and respecting privacy rights. Data processing is conducted in accordance with the EU General Data Protection Regulation (GDPR). Technical and organisational safeguards are implemented to prevent unauthorised access or loss.

Incident Management & Response

DeviceAtlas maintains a formal incident response framework to manage security events effectively. This includes defined escalation procedures, risk-based classification, and customer notification in line with contractual obligations.

Business Continuity & Disaster Recovery

Operational resilience is a core design principle.

  • Business continuity planning aligned with risk assessments
  • Disaster recovery procedures with defined recovery objectives
  • Periodic testing of backup and recovery capabilities
  • Redundant infrastructure components to support service continuity

Third-Party & Supplier Risk Management

Third-party providers are evaluated through a structured risk management process involving security due diligence prior to onboarding and ongoing performance monitoring.

Responsible AI & Automation

Where automation or machine learning techniques are used, responsible design principles focused on security and transparency are applied. Automated systems are monitored to ensure secure operation.

Responsible Disclosure & Documentation

DeviceAtlas welcomes the responsible disclosure of potential vulnerabilities. Issues can be reported to security@deviceatlas.com. It is requested that vulnerabilities not be publicly disclosed until investigation and remediation have occurred.

Upon request and subject to a confidentiality agreement (NDA), DeviceAtlas can provide customers and potential customers with further security documentation, including compliance summaries, penetration testing attestations, or policy overviews.


This Trust Centre is reviewed periodically and updated to reflect enhancements to the DeviceAtlas security, compliance, and resilience program.