Compliance
ISO/IEC 27001 information security
Sovereign Mail runs on UK-hosted infrastructure provided by Civo, whose platform is certified to ISO/IEC 27001 — the international standard for managing information security. Our own controls are built and operated in line with the same standard.
What ISO/IEC 27001 is
ISO/IEC 27001 is the international standard for an Information Security Management System (ISMS) — a documented, independently audited framework for managing information-security risk across people, process and technology.
Our infrastructure: certified via Civo
Sovereign Mail is hosted on Civo, a UK-owned cloud provider. Infrastructure-layer information security — data-centre, platform and operational controls — is covered by Civo's ISO/IEC 27001 certification, so the foundation your email runs on is independently assured.
Sovereign Mail's controls
At the application layer we operate controls aligned to ISO 27001 Annex A themes:
- Access control — two-factor authentication, scoped and revocable API keys, secrets stored only as hashes.
- Cryptography — TLS in transit, per-domain DKIM signing, scrypt password hashing.
- Operations security — least-privilege services, rate limiting, separation of control and sending planes.
- Supplier management — a minimal, UK-based set of sub-processors.
- Data residency — all processing and storage in the UK.
Status
The hosting platform is ISO/IEC 27001 certified through Civo. Sovereign Mail's own standalone ISO 27001 certification is part of our compliance roadmap.