Security & Compliance
OpenWeather applies security, governance, and quality controls designed to support enterprise, public-sector, and institutional customers. Our framework combines operational security practices, controlled access, service resilience, and documented management systems aligned with internationally recognised standards, including ISO 27001 and ISO 9001.
OpenWeather’s security and compliance approach is designed to protect information assets, support secure service delivery, and provide the level of assurance expected by procurement, IT, legal, and risk teams.
Certifications and Standards
OpenWeather maintains management systems aligned with internationally recognised standards for information security and quality management.
- ISO 27001 supports our information security management framework, including risk-based controls for the confidentiality, integrity, and availability of information assets.
- ISO 9001 supports our quality management framework, including documented processes, operational consistency, and continual improvement across service delivery.
These standards strengthen our ability to support enterprise customers with structured governance, repeatable processes, and ongoing control improvement.
Security Governance
OpenWeather maintains formal policies, controls, and operational procedures to manage information security across systems, people, and processes. Our objective is to reduce the risk of cyber incidents, unauthorised access, data exposure, and operational disruption while supporting secure and dependable service delivery.
This framework includes:
- documented policies and procedures
- defined security responsibilities
- risk-based management of information assets
- operational review and continuous improvement
Data Classification and Protection
OpenWeather applies formal policies for the classification and handling of information. Information is categorised into three classes: public, internal, and restricted, with corresponding controls applied according to sensitivity and business impact.
- Public information includes non-sensitive material such as weather forecasts and observation history.
- Internal information is treated as confidential and protected through appropriate access controls.
- Restricted information may include customer-sensitive data such as emails and billing addresses, and is subject to tighter access controls and encryption measures.
OpenWeather maintains an asset inventory across hosted and cloud resources to identify where information is stored and which controls apply. This also supports visibility across the software stack and timely response to vulnerabilities.
Security Controls
OpenWeather applies administrative, physical, and technical controls as part of its security framework.
- Administrative controls include access management, policy enforcement, and personnel-related processes governing user access.
- Physical controls are designed to prevent unauthorised physical access to servers and processing environments.
- Technical controls include secure configuration and encryption for data at rest and in transit where appropriate.
Together, these controls help support the confidentiality, integrity, and availability of information and services.
Access Control
OpenWeather applies controlled access practices designed to ensure that access to systems and data is limited to authorised users and approved purposes.
Our approach includes:
- least privilege, restricting access to only the resources required for a role or function
- default-deny, blocking network traffic unless it is explicitly permitted
- role-based access provisioning, subject to management approval
- password management requirements designed to reduce account compromise risk
These controls help reduce unnecessary exposure and support accountability across systems and environments.
Incident Response
OpenWeather maintains incident-response procedures for the identification, investigation, management, and recovery of security incidents. In the event of suspected mishandling or unauthorised access to customer-related data, incidents are evaluated and managed in accordance with defined internal policies and operational procedures.
This includes:
- incident reporting and escalation
- investigation and recovery
- root-cause analysis
- evidence handling where required
- corrective improvement of controls and processes
Reliability and Service Continuity
Enterprise customers benefit from operational monitoring and service continuity practices designed to support reliable service delivery. Contractual commitments for data delivery and service availability are defined in the applicable commercial agreement.
Weather data remains probabilistic by nature. OpenWeather guarantees the delivery, availability, and performance of the service, not specific meteorological outcomes.
Privacy and Data Protection
OpenWeather applies privacy and data protection practices designed to support the responsible handling of personal and customer-related information. Our Privacy Policy explains how we manage data collection, use, and protection in accordance with applicable policies and legal requirements.
Enterprise Assurance
OpenWeather’s security and compliance framework is designed to support enterprise procurement, due diligence, and operational onboarding. If your organisation requires additional information during supplier review, our team can support the appropriate enterprise engagement process.