1. Infrastructure security
- Hosted on AWS and Azure in UK and EU regions by default
- Network segmentation with private subnets and security groups
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Continuous backup with regularly tested recovery procedures
2. Application security
- Secure software development lifecycle aligned with OWASP ASVS
- Static and dynamic application security testing in CI/CD
- Dependency scanning with timely patching of known vulnerabilities
- Code review for every change
3. Operational security
- Role-based access control with MFA enforced
- Just-in-time access for production systems
- Centralised logging and continuous monitoring
- Documented incident response plan with quarterly drills
4. Compliance
Corelix operates in alignment with ISO 27001, SOC 2 Type II practices, UK Cyber Essentials and UK GDPR.
5. Incident response
We maintain a 24/7 incident response capability for Enterprise clients. Incidents are triaged, contained and reported to affected clients in accordance with our SLA and DPA.
6. Vulnerability disclosure
We welcome responsible disclosure. To report a vulnerability, please use our /contact form (subject: "Security Disclosure") and include reproduction steps and an impact assessment. We acknowledge reports within 2 business days.