Trust & Compliance
Security at Vates Risk
Underwriting data is some of the most sensitive material an insurer holds. We treat it that way. The Vates Risk platform is engineered to keep client data isolated, encrypted, and auditable end-to-end.
How we protect your data
- Encryption in transit and at rest. TLS 1.2+ for every connection. AES-256 for data at rest in AWS.
- Single-tenant isolation. Each customer’s data lives in a dedicated logical boundary. No cross-tenant joins, ever.
- Least-privilege access. Every employee action is scoped, logged, and reviewable.
- Independent audit trail. Every read, write, and configuration change is journaled for compliance and incident response.
Compliance roadmap
Vates Risk is on a SOC 2 Type II trajectory. We map controls to ISO 27001 and follow the Lloyd’s minimum cyber-resilience requirements for service providers.
Responsible disclosure
Found a vulnerability? Email [email protected] or see our security.txt. We acknowledge receipt within two business days.
This page is being expanded. For a full security overview during procurement, request our security questionnaire response from your account contact.