Trust & Security

Security

Security is part of how AxonOps builds, operates, and supports the platform. This page summarises certification status, employee and product access controls, AxonOps Cloud infrastructure safeguards, secure engineering practice, and the security capabilities customers can use in production.

Contact Us View Subprocessors
AxonOps is ISO 27001:2022 certified

At a glance, the security model is built around governance, scoped access, AxonOps Cloud infrastructure safeguards, and operational traceability.

  • ISO 27001:2022 certified information security management system.
  • Employee access scoped to genuine business need and operational responsibility.
  • AxonOps Cloud infrastructure uses TLS-protected transport paths and storage-layer encryption safeguards.
  • Supported enterprise workflows include SSO, RBAC, audit trails, and security review support.
Program

How AxonOps approaches trust, governance, and review

We have kept this page factual. The aim is to help customers understand what is publicly available today and where to start when deeper security diligence is required.

Program

Information security governance

AxonOps runs its security program around documented controls, access management, and risk handling, with ISO 27001:2022 certification forming part of that operating model.

People Access

Scoped employee access

Employee access is restricted to personnel with a genuine business need to know. The aim is to avoid broad standing access and keep support or operational access tied to role and responsibility.

Data Protection

Encryption within AxonOps Cloud infrastructure

For AxonOps Cloud, transport paths are protected with TLS and storage services rely on encryption safeguards in the underlying infrastructure rather than unsecured internal data handling paths.

Engineering

Security built into engineering practice

Security is handled as part of day-to-day engineering, design, review, build, and support workflows rather than being treated as a separate compliance-only exercise.

Build

Secure build and release workflow

AxonOps incorporates CI/CD security checks, including dependency and vulnerability scanning, as part of the software delivery lifecycle before releases move through normal deployment workflows.

Assurance

Ongoing vulnerability review

Security review is continuous rather than periodic only. Vulnerabilities in product dependencies and supporting components can be identified, triaged, and addressed as part of normal engineering operations.

Transparency

Published cloud subprocessor list

For AxonOps Cloud, we publish the third parties we rely on, what they do, the categories of data involved, and the safeguards in place.

View subprocessors
Cloud Operations

SIEM-backed cloud security operations

For AxonOps Cloud, backend infrastructure is monitored through SIEM-backed security operations workflows so security-relevant activity can be centralised, correlated, and reviewed.

Product Controls

Security capabilities built into AxonOps workflows

AxonOps is not just a monitoring surface. The product includes access controls, auditability, alert routing, and operational context that help teams run Cassandra and Kafka more safely.

Authentication, SSO, and role-based access

AxonOps supports SAML-based single sign-on for supported enterprise workflows and uses role-based permissions across operational access paths.

Operational audit trails

Repairs, backups, nodetool workflows, topic and ACL changes, and message access can be recorded in audit trails for traceability and post-incident review.

Security and service alerting

AxonOps can monitor security-relevant events, logs, service checks, backups, repairs, and operational failures, then route alerts through existing incident channels.

Reduced direct exposure

For Kafka environments, AxonOps can broker message-viewer access without exposing direct broker ports to every developer or analyst.

Configuration and runtime context

For Cassandra environments, AxonOps can surface configuration and runtime context alongside observability data, helping teams validate changes and investigate drift.

Encryption and certificate visibility

AxonOps can surface certificate health and related service checks so teams can validate transport security and spot expiry risk before it becomes an incident.

Resources

What you can review today

If you are evaluating AxonOps, these are the best starting points for security and trust review before moving into customer-specific diligence.

Cloud subprocessors

Review the current vendor list, purpose, location, and safeguards for AxonOps Cloud.

Open subprocessor list

Privacy policy

See how AxonOps describes access control, data handling, and breach response at the company level.

Read privacy policy

Security contact

Need to discuss a questionnaire, certification status, or report a potential issue? Start with our contact page or email us directly.

Contact AxonOps
Get in Touch

Need to discuss a security review?

If you need to review our ISO 27001:2022 certification status, discuss a security questionnaire, or raise a potential issue, contact AxonOps and we will route the request to the appropriate team.

Contact Us [email protected]