Book a Demo
 Download our Twinview Overview Brochure

Operational Security Overview

At Twinview, security and compliance are embedded into every layer of our operations. Our internal policies and procedures are aligned with leading industry standards, including ISO/IEC 27001, SOC 2 and Cyber Essentials Plus.

As part of the SPACE Group organisation, certified under Cyber Essentials Plus, we are committed to meeting and maintaining these standards across all business activities. Beyond these baseline requirements, we implement additional security practices tailored to the demands of a cloud-native SaaS platform, ensuring robust protection of our systems and data.

Our approach goes beyond technical safeguards. We enforce rigorous operational controls, privacy protections and legal compliance, including complete alignment with UK GDPR and the comprehensive control set defined in ISO 27001.

You can trust that every action we take is designed to safeguard your data, support regulatory obligations and ensure long-term platform resilience.

We believe that strong security begins with a strong culture

All employees, whether in technical, operational or business support roles, are pre-vetted and undergo comprehensive onboarding that covers our security policies, procedures and responsibilities. Security isn’t a separate function, it’s embedded across every role, every department and every decision we make.

We provide continuous training and conduct regular audits to ensure our teams remain up to date with evolving threats, black-hat tactics and mitigation strategies. More importantly, we foster a culture of vigilance, curiosity and psychological safety, where every individual is empowered to question, challenge or escalate anything that doesn’t feel right.

In our culture, every team member is a security stakeholder. Whether pausing a deployment, flagging unusual behaviour or challenging internal decisions, our people are trained to think like security analysts.

We also recognise that humans represent the largest potential attack surface in any organisation. That’s why we go beyond compliance, building an environment where people are not only equipped to understand risks, but also feel supported in raising concerns, free from hierarchy or pressure.

We only work, integrate and partner with organisations who share our operational approach.

At Twinview, we only work with organisations that share our commitment to security.

We don’t simply take a partner’s word for it. We implement clear oversight, enforce compliance and conduct regular audits to ensure that security standards are actively upheld. Our partners are required to adhere to the same policies, processes and security expectations as our internal teams.

This includes fostering a security-first mindset, where every individual is empowered to question actions, escalate concerns and even pause operations if something doesn’t feel right. There is zero tolerance for pressure, hierarchy or process standing in the way of doing the secure thing.

We treat our partners as an extension of our team. Security is only as strong as its weakest link, so we operate as a single, unified front, ensuring that controls, infrastructure and oversight are consistent across the entire ecosystem. This approach protects not only Twinview, but also the organisations we collaborate with.

When we partner with best-in-class organisations that may be earlier in their security maturity journey, we do not compromise on our security policies or requirements to work with a partner.  Instead, we work with them adopting a collaborative approach, offering guidance, tools and where appropriate, access to our own security frameworks, technologies and processes.

This not only supports our partners in strengthening their security posture but also promotes mutual alignment and standardisation of controls across the ecosystem. By sharing our approach, we help accelerate maturity while ensuring that all integrated systems and teams operate to the same high standards of security, resilience, and trust.

Building Physical Security and Controls

Our head office in Newcastle upon Tyne is steeped in the history of innovation and software, having been the former headquarters of the Software company Sage.  This state-of-the-art building has been modernised and refurbished and serves as the central operational hub for Twinview and the broader SPACE Group ecosystem. Designed by our in-house architectural practice, the building is a purpose-built, modern workspace developed around the operational, security and collaboration needs of the group

The facility is secure by design, incorporating multiple security zones with clearly defined access levels. Each company within the group operates from its own secure, soundproofed office area, ensuring privacy, while shared communal spaces enable collaboration where appropriate. High-security zones, such as server rooms, secure asset storage and restricted development areas, are only accessible to authorised personnel via secure RFID access, with additional controls including physical key locks or keypad authentication for restricted areas. All codes and keys for restricted areas are rotated every 6 months or in accordance with policy.

Visitors enter through a controlled access point, are logged into a visitor management system, and remain in a monitored reception area under CCTV surveillance until formally transferred to an internal staff member. Upon departure, visitors are returned to reception, logged out and oversight is formally handed back to reception staff. All access events and visitor logs are recorded and stored securely in our Information Security Management System (ISMS) for auditing and compliance.

The building is fully monitored by 24/7 CCTV, with footage retained in line with policy and replicated offsite for redundancy. An approved fire detection and alarm system and environmental monitoring system is permanently linked to the local fire service/police and is maintained and tested regularly in line with our business continuity protocols.

All visitors and contractors who need to access an approved area must be approved in advance, and a risk assessment must be undertaken by the relevant security owner and any handling or constraints must be defined, such as chaperoning.   All such instances are logged in the Information Security Management System as per policy.

Our IT infrastructure is network segmented, with strict isolation of guest networks and tiered internal environments that follow a need-to-know/need-to-access model.

In the event of a disruption, our Business Continuity Plan ensures recovery of core business infrastructure and full operation within a two-day RTO (Recovery Time Objective). The Twinview SaaS platform is architected independently for resilience, with no dependency on any single person, property, local system or process, ensuring continued operation regardless of physical site status.