With the Highest Quality Comes the Highest Security
%20images/xr4-2026-hero.png?width=1024&height=576&name=xr4-2026-hero.png)
When I joined Varjo in 2024, one thing became immediately clear: this company doesn’t treat security as a checkbox. Instead, it is built into the DNA of what we do, not something just added later for compliance reasons or customer reassurance.
That focus comes from the reality of where Varjo operates. Our XR headsets are deployed in aerospace, defense, maritime, industrial design, engineering, research, and other environments where the stakes are very real. In these settings, security is a prerequisite.
A single unexpected data path, an undocumented component, or an uncontrolled software update can be enough to derail accreditation processes or introduce unacceptable risk into operational systems. That is why we embed security across the entire lifecycle of our products, from manufacturing and hardware design to software behavior and governance.
Security that stands up to real-world operational demands
Organizations need confidence that devices behave predictably, that nothing transmits unexpectedly, and that suppliers and processes can withstand scrutiny. That’s why security at Varjo is not confined to our hardware, software, and manufacturing, but also encompasses our governance and ways of working.
Varjo’s Information Security Management System is certified to ISO/IEC 27001:2022, the globally recognized standard for information security management. Maintaining this certification means that our security practices and controls are independently audited and continuously improved.
Secure by design: hardware built for professional environments
When we engineered our latest generation of devices, the XR-4 Series, we did so with the premise that our customers would need full control over data flows.
The XR-4 headsets do not store session data or environmental content. Processing takes place on the customer's connected workstation, allowing organizations to apply their own security controls, monitoring, and governance practices without introducing additional risk inside the device.
Transparency is equally important. For security reviews and formal accreditation processes, Varjo can provide documentation such as Letters of Camera Usage and Letters of Volatility, outlining camera modules and memory components. These are often essential when integrating XR technology into restricted environments.
Secure manufacturing and supply chain integrity
Varjo works with world-class manufacturing partners whose processes include strict quality and security controls. These measures help prevent counterfeit components and ensure electronics are sourced only from original manufacturers or approved distributors.
For the most security-conscious deployments, XR-4 Secure Edition headsets are manufactured at our secure manufacturing facility in Finland (a NATO member state) and meet the Trade Agreements Act (TAA) requirements. They are also available without any wireless components. This provides an additional level of assurance for customers operating under strict sourcing and compliance rules.
Varjo's secure manufacturing facility in Finland
Xr-4 SERIES CAN BE USED OFFLINE
Many of our customers operate in environments where connectivity is prohibited.
The XR-4 Series supports deployment without internet connectivity through an offline package, eliminating the need for online activation and enabling operation in restricted or air-gapped networks. Offline operation is included by default with XR-4 Secure Edition.
Secure software with customer control at the core
Varjo Base, the software platform that manages Varjo headsets, is built around a simple principle: the customer stays in control.
Log files remain on the customer’s workstation. They are never transmitted automatically, and can be reviewed, deleted, or shared manually if needed for support. Automatic updates can be fully disabled, allowing organizations to decide when and how software changes are introduced, supporting internal testing, validation, and change management requirements.
Behind the scenes, Varjo Base follows a secure software development lifecycle. Every release undergoes automated vulnerability scanning, static code analysis, dependency checks, and manual code review before release.
Varjo Base has also received a Certificate to Field (CTF) from the United States Air Force, confirming it meets stringent operational and security requirements for use within U.S. Air Force Operational Test and Training Infrastructure.
Trusted by the most demanding organizations
Across my career in security, I’ve learned that real trust is earned through transparency, engineering discipline, and consistency over time.
Varjo’s security approach has earned the trust of organizations where failure is not an option. Our customers include Boeing, Lockheed Martin, the U.S. Department of Defense, the Finnish Air Force, and defense contractors and system integrators worldwide.
We work closely with our end users and integrators to provide the technical disclosures, documentation, and configuration options required for security authorization in the most sensitive deployments.
Secure XR without compromise
High-security XR does not have to mean reduced capability. With Varjo, organizations can deploy VR and XR solutions that meet rigorous security requirements while still delivering world-leading visual fidelity and performance.
For teams operating in environments where assurance is paramount, XR-4 was built to meet those demands, not as an add-on, but by design.
For a full FAQ on Varjo's security measures, read more from our Help Center.
%20images/xr4-2026-hero.png?height=460&name=xr4-2026-hero.png)
.jpg?height=460&name=_w5a3107%20(1).jpg)