Security Built Into Every Layer.
Enterprise-grade security is not an add-on at Orbit Suite -- it is the foundation. From AES-256 encryption and row-level security to SOC 2 Type II compliance, we protect your data at every level.
Security-First by Design
Security is not bolted on -- it is woven into every architectural decision we make. Our platform was designed from day one with enterprise-grade security at its core.
Zero Trust Model
Every request is authenticated and authorised. No implicit trust, regardless of network location or user session state.
Defence in Depth
Multiple overlapping security layers ensure that a breach in one control does not compromise the entire system.
Least Privilege Access
Users and services receive only the minimum permissions required to perform their function, enforced at every level.
Infrastructure Security
Your data is protected by industry-leading encryption, network security, and hosting infrastructure.
AES-256 Encryption at Rest
All data stored in our databases and file storage is encrypted using AES-256, the same standard used by governments and financial institutions worldwide. Encryption keys are managed via a dedicated key management service with automatic rotation.
TLS 1.3 in Transit
All data transmitted between your browser and our servers uses TLS 1.3 with strong cipher suites. We enforce HSTS headers and support certificate transparency. Internal service-to-service communication is also encrypted via mTLS.
SOC 2 Type II
Orbit Suite maintains SOC 2 Type II certification, independently audited by a leading accounting firm. Our controls are continuously monitored and validated across all five trust service criteria: security, availability, processing integrity, confidentiality, and privacy.
Application Security
Fine-grained access control and authentication mechanisms protect every user interaction.
Role-Based Access Control
Granular RBAC with customisable roles and permissions across all nine applications. Administrators can define exactly who sees what, down to individual fields and actions.
Row-Level Security
Every single one of our 101 database tables is protected by PostgreSQL row-level security policies. Data isolation is enforced at the database level, making cross-tenant data access architecturally impossible.
SSO & SAML
Single Sign-On with SAML 2.0 support enables seamless integration with your identity provider. Centralise authentication and maintain control over user provisioning and deprovisioning.
Multi-Factor Authentication
Enforce MFA across your organisation with support for authenticator apps, SMS, and hardware security keys. Administrators can set MFA policies per role or organisation-wide.
Your Data, Always Protected
Comprehensive backup, disaster recovery, and data isolation ensure your business data is always safe and available.
Automated Backups
Continuous automated backups with point-in-time recovery. Your data is replicated across geographically distributed regions for maximum resilience.
Disaster Recovery
Full disaster recovery plan with a recovery point objective (RPO) of less than 1 hour and a recovery time objective (RTO) of less than 4 hours. Regular DR testing ensures our recovery processes work when needed.
Data Isolation
Complete logical data isolation between tenants, enforced at the database level. Each organisation's data is segregated with row-level security policies that cannot be bypassed.
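The Row-Level Security and Data Isolation sections above describe tenant isolation enforced by PostgreSQL row-level security policies. The following is an added illustration of how such a policy is typically set up; it is not Orbit Suite's own schema or code, and the table, column, role and setting names (invoices, tenant_id, app_user, app.tenant_id) are assumptions.

```sql
-- Added example: per-tenant row-level security in PostgreSQL.
-- Table, column, role and setting names are hypothetical.

CREATE TABLE invoices (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    amount     numeric(12,2) NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- The application connects as a role that is neither the table owner
-- nor a superuser and has no BYPASSRLS attribute, so policies apply.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_user;

ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
-- FORCE makes the policy apply to the table owner as well.
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- The current tenant is carried in a session setting that the
-- application sets per request. current_setting(..., true) returns
-- NULL (not an error) when the setting was never set, and NULLIF maps
-- the empty string left behind after a SET LOCAL to NULL too. A NULL
-- comparison is "no rows" in a policy, so a request that forgets to
-- set the tenant sees nothing rather than everything (fails closed).
CREATE POLICY tenant_isolation ON invoices
    FOR ALL
    TO app_user
    USING (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request usage by the application. SET LOCAL scopes both the role
-- and the tenant to this transaction, so neither leaks to the next
-- request that reuses a pooled connection.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, amount FROM invoices;   -- returns only this tenant's rows
COMMIT;

-- Writing a row for a different tenant is rejected by the WITH CHECK
-- clause with "new row violates row-level security policy", so the
-- transaction is rolled back rather than committed.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
INSERT INTO invoices (tenant_id, amount)
    VALUES ('22222222-2222-2222-2222-222222222222', 10.00);
ROLLBACK;
```

The isolation holds only if every application connection runs as a role subject to the policy; a superuser or a role with BYPASSRLS, or a connection that never sets app.tenant_id, should be caught in review or monitoring rather than relied upon not to exist.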
Compliance & Certifications
We maintain rigorous compliance standards to meet the requirements of regulated industries and global enterprise customers.
SOC 2 Type II
Independently audited security, availability, and confidentiality controls.
GDPR
Full compliance with EU General Data Protection Regulation requirements.
CCPA
California Consumer Privacy Act compliant data handling and user rights.
ISO 27001
Information security management aligned with international standards.
Security Practices
Our security programme is proactive, continuous, and deeply embedded in our engineering culture.
Penetration Testing
Annual third-party penetration tests conducted by certified security firms, complemented by continuous automated vulnerability scanning. Findings are remediated on a risk-prioritised timeline.
Secure Code Review
Every code change undergoes mandatory peer review with a security-focused checklist. Automated SAST and DAST tools scan every commit. Our 31,800+ test cases include dedicated security test suites.
Incident Response
Documented incident response plan with defined escalation paths and communication protocols. Security incidents are classified by severity and responded to within established SLAs. Post-incident reviews drive continuous improvement.
Responsible Disclosure
We value the security research community and welcome responsible disclosure of vulnerabilities. If you believe you have found a security issue in Orbit Suite, we encourage you to notify us responsibly.
Report vulnerabilities to: security@orbitsuite.com
Response time: We acknowledge all security reports within 24 hours and provide an initial assessment within 72 hours.
Safe harbour: We will not take legal action against researchers who follow our responsible disclosure guidelines and act in good faith.
Please include in your report: a description of the vulnerability, steps to reproduce, potential impact, and any suggested remediation. We will credit researchers (with permission) in our security acknowledgements.
Questions About Our Security?
Our security team is available to discuss your compliance requirements, answer questions, or provide our SOC 2 report. Get in touch today.