Security
Last updated 2026-05-08
Certifications
- ISO/IEC 27001:2022 certified
- ASIAL Grade A1 monitoring centre
- Continuous controls monitoring via Vanta
Encryption
AES-256 in transit and at rest. TLS 1.2 minimum. Mutual TLS for device-to-platform communications where supported.
Hosting
AWS Sydney for all production, backup, and test data. Multi-AZ deployment. Daily backups, encrypted.
Authentication
SAML 2.0, OpenID Connect, OAuth2. SCIM provisioning supported with Azure AD, Okta, and Google Workspace.
Vulnerability disclosure
Found a vulnerability? Email security@duress.com. We aim to acknowledge within 24 hours.
Audit reports
SOC 2 Type II and ISO 27001 reports available under NDA. Email security@duress.com to request.