We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
Security at AuroraGRC
We build compliance software for Canadian regulated industries. Security isn't just a feature — it's the foundation of our product.
Canadian Data Residency
All customer data is stored in Canada and never leaves Canadian jurisdiction.
Encryption
Data encrypted at rest (AES-256) and in transit (TLS 1.3).
Access Controls
Role-based access, multi-factor authentication, and organization-level data isolation.
Audit Logging
Every compliance action is logged for complete audit trail integrity.
Infrastructure Security
- Cloud Infrastructure: Hosted on Canadian cloud infrastructure with SOC 2 Type II certification
- Network Security: Firewalls, intrusion detection, and DDoS protection
- Backup & Recovery: Daily encrypted backups with tested disaster recovery procedures
- Monitoring: 24/7 infrastructure monitoring and alerting
Application Security
- Authentication: Secure password hashing (bcrypt), OAuth 2.0 support (Google, Microsoft)
- Session Management: Secure httpOnly cookies, session timeout, and concurrent session controls
- Input Validation: Server-side validation and parameterized queries to prevent injection attacks
- Dependency Scanning: Automated vulnerability scanning of third-party dependencies
Compliance & Certifications
- PIPEDA Compliant: Adheres to Canadian privacy law requirements
- SOC 2 Type II: Audit in progress (expected completion Q3 2026)
- Penetration Testing: Annual third-party penetration testing
Customer Security Controls
AuroraGRC provides security features to help you protect your compliance data:
- User access logs and activity monitoring
- Role-based permissions and least-privilege access
- Data export and portability
- Evidence file access controls
- Organization-level data isolation (multitenancy)
Report a Vulnerability
We take security seriously and welcome responsible disclosure of security vulnerabilities.
Questions?
For security questionnaires, audit documentation, or detailed security information, contact security@auroragrc.com .