All data, sent to our platform servers, is transmitted over TLS for end-to-end encryption, with regularly updated cypher suites to ensure privacy of data in transit. Once in our platform, data is stored encrypted at rest using regularly rotated encryption keys. First AML Developers also follow Secure Development practices and receive regular training.
Information which First AML collects is held securely in our Software Platform where data is held on AWS Servers based in Dublin, Ireland (for EU/UK customers) and in Sydney, Australia (for all other customers). AWS is SOC 2 and ISO 270001 certified. First AML also manages our own physical security in line with our ISO27001 certification.
At First AML we deal with our user’s most important and private information: their identity. Access to information is restricted to authorised parties who have a legal basis for information access, (e.g. those who are conducting verification checks) and must meet our Information Security and contractual requirements. We ensure as few people as possible have access to your data.
First AML is actively managing Information Security, in line with globally accepted best practices. We have achieved ISO27001:2013 certification which requires First AML to maintain and continually improve its security posture across various domains including Training, Physical Security, Logging and Monitoring, and Access Control.
We engage with third-party information security specialists who conduct penetration testing and architectural reviews of our platform every three months to identify any vulnerabilities.
We work with some of the biggest enterprise players across Law, Accounting, Real Estate, and the Investment sector which means our clients set a high bar when it comes to security. We are also audited annually as part of our ISO27001 certification.