Log in
Security & Trust

Security & Trust

This page is a high-level overview of how Aurora Command protects data and supports controlled sharing. For detailed security documentation, request Trust Center access.

We don't guarantee compliance outcomes. We help you run and document the work.

Request Trust Center Access Get a Walkthrough

Sharing

Controlled Sharing, Not Shared Logins

Aurora Command is built so buyers and auditors can review what you choose to share, without operating your workspace. Trust Center provides a reviewer view with access tiers, permissions, and access logs.

  • Share a reviewer view link (not a workspace login).
  • Limit what is visible with access tiers and approvals.
  • Export access logs for review and recordkeeping.

Identity and Access Control

  • Multi-factor authentication is supported for user accounts.
  • Role-based permissions limit who can view, edit, approve, and share.
  • Approvals create attributable change history for policies and responses.
  • SSO/SCIM may be available by plan/configuration (details in Trust Center).

Data Protection and Isolation

  • Encryption is used to protect data in transit and at rest.
  • Customer data is isolated by tenant.
  • Access to customer data is limited to authorized personnel for support and operations.

Audit Trails and Exportable History

Aurora keeps a record of key actions (create, update, approve, share, export) so you can show what changed and when.

  • Policy and answer version history.
  • Evidence source and timestamps.
  • Sharing and access events (Trust Center).

Integrations and Scope

When you connect systems, Aurora is designed to use least-privilege access where possible. Integration behavior varies by connector.

  • Integration automation level is labeled (automated vs export-based).
  • Evidence retains source and capture time.
  • You can keep evidence manual when automation isn't appropriate.

FAQ

Data Handling FAQ (Plain English)

What data do you store?
Compliance program data you enter or connect (controls, policies, evidence metadata, training records, and reviewer requests). Exact details are available in the Trust Center.
Do buyers see our whole workspace?
No. You share a controlled reviewer view through Trust Center.
Can we export or delete our data?
Data export and retention options depend on plan/configuration. Request Trust Center access for specifics.
Next step
Need Security Documentation?
Request Trust Center access to review detailed security controls, policies, and documentation.
Request Trust Center Access Get a Walkthrough
No obligation. We respond within one business day. No compliance guarantees.