Trust Center

The same controls we prescribe, applied to ourselves.

Vectra holds the certifications our regulated customers require of their suppliers, operates under the same Essential Eight and ISO 27001 discipline we recommend, and publishes the information here so your security team can complete a vendor review without a long questionnaire back-and-forth.

All systems operational. Last incident: none reported this quarter.
Certifications

The attestations that travel with us.

Reports and attestation letters are available on request under NDA through your account team or security@vectra-corp.com.

ISO 27001
Information Security

Information Security Management System, certified and surveilled annually by an accredited certification body.

SOC 2 Type II
Security, Availability

Independent attestation covering Security and Availability trust service criteria, refreshed yearly.

IRAP
PROTECTED

Managed services assessed by an IRAP assessor to the OFFICIAL: Sensitive and PROTECTED levels.

PCI QSA
Qualified Security Assessor

Australia's first PCI Qualified Security Assessor company, authorised to conduct PCI DSS assessments globally.

CREST
Offensive & defensive

CREST-accredited penetration testing, threat intelligence and incident response.

Essential 8
Maturity Level 3

Internal controls assessed to Essential Eight Maturity Level 3 against ASD guidance.

How we operate

Security isn't a department here.

The following controls run continuously across Vectra's own estate. They are also what we recommend to customers - no double standards.

Sovereign data plane

Customer telemetry is hosted inside AWS Australia (ap-southeast-2 / ap-southeast-4) and does not leave the jurisdiction unless explicitly agreed.

Encryption everywhere

Data encrypted in transit (TLS 1.2+) and at rest (AES-256). Customer-managed key options available for Managed XDR.

Least-privilege access

Role-based access control on every production system, MFA-enforced, with session recording for privileged operations.

24x7 monitoring

Our own estate is monitored by the same SOC that protects our customers - the dogfood test is continuous.

Background-checked staff

All personnel background-checked; analysts handling government workloads hold Australian Government Security Clearances.

Disclosed sub-processors

Complete list of sub-processors published here; customers are notified of changes in advance.

Sub-processors

The providers we use.

Customers receive 30 days' notice of changes to this list. Full data-flow diagrams available on request under NDA.

Amazon Web Services (Australia) | Primary hosting for Managed XDR and portal; ap-southeast-2 and ap-southeast-4. | AU
Microsoft 365 | Corporate productivity and communications. | AU
CrowdStrike Falcon | Endpoint detection and response on Vectra corporate estate. | AU
Okta | Identity provider for corporate SSO and customer portal. | AU
Atlassian | Ticketing and documentation for customer engagements. | AU
DEVO | Managed SIEM back-end for the Managed XDR service. | AU

Security, engineered around you.

Talk to an engineer - not a call centre. Most Vectra conversations start with a 30-minute technical briefing and end with a written plan.