Trust & Security
At Atlas Systems, we understand that libraries, archives, and cultural heritage institutions trust us with sensitive operational data and patron information. Security isn't just a checkbox for us — it's foundational to how we build and operate our platforms.
We provide secure, cloud-based hosting designed for reliability and performance.
Aeon, Ares, and ILLiad are hosted on Microsoft Azure, with regional deployment options to align with your institution's data residency requirements.
ArchivesSpace — Atlas Systems provides managed hosting for ArchivesSpace on Akamai/Linode infrastructure, with regional deployment capabilities. As ArchivesSpace is a community-developed open-source application, some platform capabilities differ from our proprietary products; details are available upon request.
All hosted platforms include 24/7 infrastructure monitoring with on-call support, automated backups, and encryption in transit. Azure-hosted platforms additionally include geo-redundant backup storage and encryption at rest.
Web Application Security — Atlas Systems protects public-facing pages with Cloudflare's security infrastructure, including DDoS protection, bot mitigation, and enhanced performance.
Atlas Systems maintains rigorous security standards across our platforms.
We complete Higher Education Community Vendor Assessment Toolkit (HECVAT Full) evaluations for each hosted platform, providing the transparency higher education institutions require for vendor security assessments.
The Aeon hosting environment undergoes annual PCI DSS assessment (SAQ-D) to protect payment card data. Aeon's PCI-compliant hosting is maintained in a dedicated environment with additional security controls.
Atlas Systems is actively pursuing SOC 2 Type I certification for the Aeon platform, reinforcing our commitment to independently verified security, availability, and confidentiality controls.
Our practices are designed to support institutions in meeting their FERPA obligations for protecting student education records.
Atlas Systems supports customer GDPR requirements through data processing agreements.
Our approach to security encompasses the entire lifecycle of your data.
Your data is your data. Atlas Systems operates on a fundamental principle of customer data ownership. We don't sell, share, or use your institutional data for any purpose other than providing and improving the services you've contracted with us. Our systems are designed with data segregation to ensure each institution's information remains isolated and secure.
IT and security teams evaluating Atlas Systems can request copies of our security documentation, including HECVAT assessments and compliance certifications.
Contact our team to begin the conversation about how we can meet your institution's specific security requirements.
Security is an ongoing commitment. Atlas Systems continuously evaluates and enhances our security posture to meet evolving threats and compliance requirements.
Our team is ready to discuss your institution's specific security and compliance requirements.
Connect with Us