Trust Centre
for OnSecurity Technology Limited
We are committed to the security of our platform and the protection of our customers’ data. This page provides transparency into our security posture, certifications, and controls.
ISO/IEC 27001:2002
Information security management system - independently certified
Responsible Vulnerability Disclosure
Coordinated disclosure policy for security researchers
Access Control
Multi-factor authentication (MFA) – Enforced
MFA is enforced across all internal systems, tooling, and cloud infrastructure. Employees and contractors are required to use MFA for access to any OnSecurity system.
Role-based access control (RBAC) – Enforced
Security awareness training
Phishing training – Active programme
All employees undergo regular phishing simulation training. Campaigns are run periodically to measure and improve resilience. Results are tracked and used to target additional awareness training where needed.
Security awareness training – Mandatory
All employees and contractors complete mandatory security awareness training on onboarding and annually thereafter, covering data handling, password hygiene, social engineering, and acceptable use.
Penetration testing & vulnerability management
External penetration testing
OnSecurity conducts regular penetration tests against its own infrastructure and platform. We undergo annual external penetration testing carried out by an independent CREST-accredited third party, providing objective assurance of our security controls.
Vulnerability disclosure programme
We operate a responsible vulnerability disclosure programme (RVDP v0.1). Security researchers who identify issues in our systems are encouraged to report them. Reports can be submitted to [email protected]