Security and Trust
SoSafe’s approach to security

Our Approach to Security
For detailed information about our security controls, architecture, certifications, and audit reports, visit the SoSafe Trust Center.
At SoSafe, security and privacy are core to how we operate and how we build our products. As a leading human risk and cybersecurity awareness provider, we hold ourselves to the same high standards we help our customers achieve. Our security and privacy programme is overseen by dedicated specialists across Information Security, Security Operations, Product Security, Legal and Data Protection, led by our Chief Information Security Officer (CISO).
We maintain a comprehensive, continuously improving security and privacy programme, supported by dedicated security, product security, risk, governance and data protection specialists. All SoSafe employees receive regular security awareness training and follow strict internal policies to keep data and systems protected.
Our People as a Human Firewall
At SoSafe, our staff are a critical part of our security posture. We view our employees as a “human firewall”, the first line of defence in protecting our systems, data, and customers. Every team member plays an active role in maintaining security by following robust internal policies, reporting potential risks, and embodying a culture of vigilance. All employees complete mandatory, role-based security and privacy training, and compliance is continuously monitored. Through strong awareness, accountability, and a shared commitment to security, our teams help ensure that protection is embedded into everyday operations.
Verified Security Standards
SoSafe is certified to ISO/IEC 27001:2022, the international standard for Information Security Management Systems. We also participate in TISAX, demonstrating compliance with industry-recognised requirements for privacy, confidentiality, availability, and integrity in the automotive sector.
Secure Platform
Our platform is hosted in secure, industry-leading cloud infrastructure and is designed with multiple layers of protection, including strong access controls, encryption of data in transit and at rest, secure software development practices, continuous monitoring, and regular security testing.
Security is built into every stage of our Software Development Life Cycle (SDLC). Our engineering teams follow secure coding standards and use automated code analysis, dependency scanning, and regular penetration testing. Product Security experts review new features, perform threat modelling, and ensure that security is validated before release.
Privacy and Data Protection
We take a privacy-by-design approach and comply with the GDPR whenever processing personal data. Access to customer data is strictly limited, monitored, and controlled. Customers retain control over data lifecycle and deletion.
For more information about your data rights when using our product, please visit Our Legal Pages to see our Privacy Policy and Data Processing Agreement.








