Compliance
This page is the short version, written for business stakeholders and their security counterparts. For specific evidence — SIG / CAIQ responses, attestations, architecture deep-dives, DPAs — please email infosec.clientrequests@consilio.com and we will route you to the right artifact.
How Aurora MCP fits with your existing Consilio engagement
Aurora MCP doesn’t change your contract or your data-processing agreement with Consilio. It uses the same identity, the same access controls, and the same data residency you already have. Anything your team is already cleared to see in the Consilio portal is what your AI assistant can ask about through Aurora MCP — nothing more.
Controls in plain terms
- Identity. Sign-in uses Consilio Identity, our enterprise identity service, with SSO and MFA. There are no separate Aurora MCP credentials to issue, rotate, or revoke.
- Authorisation. Every request runs as the signed-in user against the same permissions they already have in the portal.
- Token handling. Access tokens never reach the Aurora MCP service — they’re validated and terminated at Consilio’s gateway.
- Tool surface. Read-only by design. No tool writes, updates, or deletes anything in your matters.
- Data retention. No prompt content or tool output is retained by the MCP service. Operational telemetry (tool name, latency, status, caller identity) is kept short-term for abuse detection and performance.
- Off-boarding. Aurora MCP access ends the moment the user’s Consilio access ends. There is no separate process.
What your AI provider’s terms cover
When you use an AI assistant, that provider’s terms govern what their models do with your prompts and the answers they generate. Aurora MCP doesn’t alter those terms — it only provides data your assistant can cite. Many enterprise AI plans offer no-training and limited-retention guarantees; we recommend confirming yours separately.
Requesting evidence for procurement
Email infosec.clientrequests@consilio.com with your organisation name and timeline. We routinely respond to:
- SIG (Standardised Information Gathering) questionnaires.
- CAIQ (Consensus Assessments Initiative Questionnaire).
- Architecture / data-flow diagrams.
- DPA and sub-processor lists.
- Penetration-test summaries.
- Security-incident response policy.
If you have a question that doesn’t fit any of the above, ask anyway — we’d rather help than gate-keep.