Enterprise-Grade Security

Security & Compliance

At Onos, security, privacy, and compliance are foundational to how we design, build, and operate our EHSQ platform. Our customers trust us with sensitive operational, workforce, and compliance data — and we take that responsibility seriously.

Onos is built to meet the expectations of regulated, high-risk industries and enterprise procurement teams.

Secure by Design

Onos is architected using modern, cloud-native security best practices and is hosted on Amazon Web Services (AWS) — one of the most secure and resilient cloud infrastructures globally.

Infrastructure & Hosting

  • Hosted on AWS with UK & EU data residency options
  • Customers select their preferred region during setup
  • Data never leaves the chosen region
  • Isolated environments with strict network segmentation
  • Continuous monitoring and logging

Encryption & Data Protection

We protect your data at every stage — in transit, at rest, and during processing.

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.3
  • Key management: secure rotation
  • Passwords: hashed and salted
  • Role-based access controls across the platform

Access Control & Permissions

Onos supports granular, configurable user permissions, ensuring users only access what they need.

  • Role-based access control (RBAC)
  • Company, regional, project, and module-level permissions
  • Configurable approval workflows
  • Full audit trails for all access and actions

Data Backup & Availability

We prioritise resilience and availability to support mission-critical operations.

  • Automated backups: 30-day retention
  • Redundant infrastructure: across availability zones
  • Disaster recovery: tested regularly
  • 99.9% uptime: SLA guarantee

Compliance & Assurance

Cyber Security

  • Cyber Essentials Certified
  • Secure development lifecycle
  • Regular vulnerability scanning and remediation
  • Continuous infrastructure monitoring

Information Security Management

Onos aligns with globally recognised security frameworks:

  • ISO 27001-aligned security management
  • SOC 2 Type II aligned controls

Documented policies covering:

  • Risk management
  • Access control
  • Incident response
  • Business continuity

GDPR & Data Privacy

Onos is designed to support GDPR compliance by default for organisations operating across the UK and EU.

Privacy by Design

  • Data minimisation and purpose limitation
  • Secure handling of worker and operational data
  • Privacy controls embedded directly into workflows

GDPR Capabilities

  • Data Processing Agreements (DPA) provided as standard
  • Right to access, rectification, and erasure supported
  • Consent management for worker data
  • Configurable data retention policies
  • Full audit trails for all data access
  • UK/EU-based support and data processing

Auditability & Transparency

Onos provides full visibility into platform activity to support internal audits, client assurance, and regulatory requirements.

  • Immutable audit logs: time-stamped records of changes and approvals
  • Evidence-ready reporting: secure export options for regulators and clients

Built for Regulated, High-Risk Industries

Onos supports compliance with key industry standards and regulations, including:

  • ISO 45001: Occupational Health & Safety
  • ISO 14001: Environmental Management
  • ISO 9001: Quality Management
  • RIDDOR: UK Incident Reporting
  • CDM 2015: Construction Regulations
  • GDPR: Data Protection

Our platform is designed to help organisations demonstrate compliance, maintain audit readiness, and operate with confidence at scale.

Enterprise-Ready, Without the Complexity

We deliberately focus on practical, usable security — not checkbox theatre.

  • Strong defaults
  • Clear controls
  • Transparent processes

Security that supports operations rather than slowing them down.

Security Questions?

We work closely with customer security, legal, and procurement teams.

If you require:

  • Security questionnaires
  • DPAs
  • Architecture overviews
  • Pen-test summaries
  • Compliance documentation

Contact Security Team