Solartis’ Commitment to Security and Compliance

At Solartis, safeguarding the data, privacy, and operational continuity of our customers is more than a requirement; it's a foundational principle. As insurance carriers, MGAs, and other industry stakeholders increasingly rely on digital platforms for policy administration, we recognize that a robust security posture and transparent compliance framework are essential for trust, scalability, and resilience.

Certified. Audited. Proven.

Solartis operates under a rigorous Security Management System (ISMS) certified to the following global standards:

• ISO/IEC 27001: Information Security Management
• ISO/IEC 27017: Cloud-Specific Security Controls
• ISO/IEC 27018: Protection of Personally Identifiable Information (PII)
• SOC 2 Type II: Trust Services Criteria for security, availability, and confidentiality

These certifications ensure that our systems, processes, and people meet the highest standards in governance, risk management, and data protection.

Centralized Visibility with SIEM Logging

Security Information and Event Management (SIEM) is at the core of our security architecture. Solartis captures logs from all critical systems, applications, and security devices to enable:

• Real-time monitoring and incident response
• Automated alerts based on risk thresholds
• Cross-system event correlation and threat detection
• Detailed forensic audit trails
• Clock-synchronized log data for precision investigations
• Threat detection for anomalies and unusual user/system behavior

Our SIEM framework acts as a centralized nervous system for detecting, analyzing, and responding to security threats in real time—ensuring both prevention and accountability.

Multi-Layered Security Architecture

Solartis employs a defense-in-depth model that covers every layer of our platform and operations:

• Data Protection: TLS 1.2/1.3 encryption in transit, AES-256 encryption at rest, secure key management
• Application Security: Role-based access controls, encrypted session tokens, secure coding practices
• Infrastructure Security: Isolated VPCs (Virtual Cloud Network), enterprise firewalls, high-availability architecture across geographically separate data centers
• Physical Security: Oracle Cloud Infrastructure (OCI) with SOC 2 compliant hosting
• Incident Management: ISO-aligned response plan with escalation paths, audit trails, and regular drills
• Vulnerability Management: Routine scanning, penetration testing, and patch management governed by change control

Patch Management and Release Transparency

Our patching strategy is risk-based and structured for transparency:

• Critical Security Patches: Applied within 24–72 hours
• Platform Patches: Rolled out quarterly within designated maintenance windows
• Service Layer Updates: Delivered via CI/CD pipeline, validated in staging, and deployed with customer coordination
• Multi-Tenant Isolation: Shared services are updated centrally; customer-specific microservices are updated independently

Customer-Centered Security Collaboration

Solartis works closely with our customers to ensure ongoing transparency and flexibility. Our Jira-based ticketing system provides full visibility into support requests, and we are always willing to integrate with your preferred collaboration tools for smoother operations.

In addition to our certifications, we offer direct access to security documentation and downloadable certificates through our website:

🔗 Solartis Security and Compliance Center

The Bottom Line

In an industry where sensitive data and operational reliability are paramount, Solartis doesn't just comply—we lead. Our investment in certified controls, modern infrastructure, and proactive monitoring ensures that your policy administration platform is protected, resilient, and always audit-ready.

Security isn’t a feature. It’s a promise.