OpsWork Book a demo

Security

Enterprise security controls inside your own Azure subscription.

OpsWork runs entirely inside your customer-controlled Microsoft 365 tenant and Azure subscription. The security boundary is yours. The controls are yours.

Pillar 1

Customer-controlled architecture

  • ·Your Microsoft 365 tenant. Your Entra ID. Your data sovereignty.
  • ·Your Azure subscription. Deploys into UK South where customer policy supports it.
  • ·You control billing, keys, resource locks and regional residency.

Pillar 2

Identity and access

  • ·Each agent has an Entra ID identity. Permissions are explicit, scoped and least-privilege.
  • ·Managed identities for Azure resource access — no shared service credentials.
  • ·MFA and Conditional Access apply where the customer enables them across the tenant.

Pillar 3

Secrets and infrastructure

  • ·Azure Key Vault for all secrets. No credentials in code or environment variables.
  • ·Private endpoints supported where customer networking policy requires them.
  • ·Infrastructure is reviewable through standard Azure Resource Manager tooling.

Pillar 4

Audit and approvals

  • ·Every agent decision is signed, timestamped and written to an immutable audit log.
  • ·Outputs carry confidence scores and source references for engineer review.
  • ·Client-facing, irreversible and material actions require human approval.

Pillar 5

Support access

  • ·Designed so OpsWork Ltd has no routine access to customer content after deployment.
  • ·Support access requires explicit customer approval, is time-bound and is logged.
  • ·Access is revoked at the end of the support window.

Pillar 6

Procurement checklist

  • ·Architecture review pack — components, identities, data flows.
  • ·Data Processing Agreement and sub-processor list provided during procurement.
  • ·Security questionnaire responses on request. Roadmap items clearly marked as roadmap.

Certifications

Certifications and roadmap

OpsWork inherits security primitives from Microsoft 365 and Azure, both of which hold ISO 27001, SOC 2 and other audited certifications at the platform level. OpsWork Ltd's own organisational certifications are listed below.

We do not claim certifications we do not hold. Status of each item is reviewed each procurement cycle.

Audit the architecture against your security policy.

20-minute review of the OpsWork architecture, identity model and audit trail against your own InfoSec controls. Bring your reviewer.

Book a 20-minute architecture review