Operational Security

Operational Security Overview

At Twinview, security and compliance are embedded into every layer of our operations. Our internal policies and procedures are aligned with leading industry standards, including ISO/IEC 27001, SOC 2, and Cyber Essentials Plus.

As part of the Spacegroup organisation—certified under Cyber Essentials Plus—we are committed to meeting and maintaining these standards across all business activities. Beyond these baseline requirements, we implement additional security practices tailored to the demands of a cloud-native SaaS platform, ensuring robust protection of our systems and data.

Our approach goes beyond technical safeguards. We enforce rigorous operational controls, privacy protections, and legal compliance, including full adherence to UK GDPR and the comprehensive control set defined in ISO 27001.

You can trust that every action we take is designed to safeguard your data, support regulatory obligations, and ensure long-term platform resilience.

We believe that strong security begins with a strong culture

All employees—whether in technical, operational, or business support roles—are pre-vetted and undergo comprehensive onboarding covering our security policies, procedures, and responsibilities. Security isn’t a separate function—it’s embedded across every role, every department, and every decision we make.

We provide continuous training and conduct regular audits to ensure our teams remain up to date with evolving threats, black-hat tactics, and mitigation strategies. More importantly, we foster a culture of vigilance, curiosity, and psychological safety—where every individual is empowered to question, challenge, or escalate anything that doesn’t feel right.

In our culture, every team member is a security stakeholder. Whether pausing a deployment, flagging unusual behaviour, or challenging internal decisions, our people are trained to think like security analysts—not just follow checklists.

We also recognise that humans—not systems—represent the largest potential attack surface in any organisation. That’s why we go beyond compliance, building an environment where people are not only equipped to understand risks, but also feel supported in raising concerns, free from hierarchy or pressure.

Builing Physical Security and Controls

Our head office in Newcastle upon Tyne is steeped in hstory of innovation and software, been the former head office of the Finacial Software company Sage. This state of the art buildin has been modernisd and refurbished abd serves as the central operational hub for Twinview and the wider Spacegroup ecosystem. Designed by our in-house architectural practice, the building is a purpose-built, modern workspace developed around the operational, security, and collaboration needs of the group—leveraging over 60 years of architectural and technology expertise in the group.

The facility is secure by design, incorporating multiple security zones with clearly defined access levels. Each company within the group operates from its own secure, soundproofed office area ensuring privacy, while shared communal spaces enable collaboration where appropriate. High-security zones—such as server rooms, secure asset storage, and restricted development areas—are only accessible to authorised personnel via secure RFID access cards, with additional controls including physical key locks or keypad authentication for restricted area. All codes and keys for restricted areas are rotated every 6 months or in accordance with policy.

Visitors enter through a controlled access point, are logged into a visitor management system, and remain in a monitored reception area under CCTV surveillance until formally transferred to an internal staff member. Upon departure, visitors are returned to reception, logged out, and oversight is formally handed back to reception staff. All access events and visitor logs are recorded and stored securely in our Information Security Management System (ISMS) for auditing and compliance.

The building is fully monitored by 24/7 CCTV, with footage retained in line with policy and replicated offsite for redundancy. An approved fire detection and alarm system and enviroment monitoring system is permanently linked to the local fire service/police and is maintained and tested regularly in line with our business continuity protocols.

All visitors and contractors who need to access an aproved area must be aproved in advance, and a risk assesment undertaken by the relevant securer asser owner, and any handling or constraints defined such as chapperoning. All such instances are logged in the Infomation Security Managemnt System as per policy.

Our IT infrastructure is network segmented, with strict isolation of guest networks and tiered internal environments following a need-to-know / need-to-access model.

In the event of a disruption, our Business Continuity Plan ensures recovery of core business infrastructure and full operation within a two-day RTO (Recovery Time Objective). The Twinview SaaS platform is architected independently for resilience, with no dependency on any single person, property, local system or process—ensuring continued operation regardless of physical site status.

Meet our Change Management Board (CAB)

Adam Ward | Co Founder and CTO

Co-founder of Twinview and CTO with over two decades at the intersection of architecture, data, and cloud technology. Early adopter and champion of BIM in the UK, now driving secure, scalable digital twin solutions for the built environment. CIAT Certified Technologist & AWS Certified Security Professional (2025).