Trust Center

Security You Can Verify

Transparent security practices, clear compliance status, and the artifacts you need for due diligence. Built for customers, investors, and partners who need to trust before they commit.

Compliance Status

Current Certifications & Standards

Our framework and operational practices align with industry-leading security standards.

Framework Aligned

SOC 2 Type II

The AI SecureOps Framework is designed for SOC 2 Type II compliance. All controls map directly to Trust Service Criteria.

  • Security principle coverage
  • Availability controls included
  • Confidentiality safeguards
  • Processing integrity verified

Framework Compatible

ISO 27001

The control structure supports the ISO 27001 certification pathway, with an ISMS foundation included.

  • Annex A control mapping
  • Risk assessment methodology
  • Policy framework aligned
  • Continuous improvement built-in

Comprehensive

AI-Specific Controls

Purpose-built controls for AI/ML systems that go beyond traditional compliance frameworks.

  • Model governance controls
  • Data pipeline security
  • Prompt security measures
  • AI risk assessment

Security Practices

How We Protect Your Data

Security controls implemented across all client engagements and framework deployments.

Data Encryption

All data encrypted at rest (AES-256) and in transit (TLS 1.3). Customer data segregated by design.

Access Control

Role-based access with least privilege. MFA required for all systems. Regular access reviews.

Monitoring & Logging

Comprehensive audit logging. Real-time security monitoring. Anomaly detection enabled.

Infrastructure Security

Cloud-native security controls. Network segmentation. Regular vulnerability scanning.

Incident Response

Documented incident response plan. 24-hour notification SLA for security events.

Vendor Management

Third-party risk assessment for all vendors. Security requirements in all contracts.

Documentation

Trust Artifacts

Documents available for customers, investors, and partners conducting due diligence.

For Customers

Customer Security Package

Documentation for enterprise customers evaluating the framework for their security program.

Security Questionnaire (SIG Lite)

Pre-completed standardized security assessment

Available

Framework Architecture Overview

Technical architecture and control mapping

Available

Data Processing Agreement Template

GDPR-compliant DPA for engagements

Available

Penetration Test Summary

Executive summary of latest assessment

Available

Business Continuity Plan Summary

BCP and disaster recovery overview

Available

Request Customer Package

For Investors

Investor Due Diligence Package

Documentation for VCs and investors evaluating security posture of portfolio companies using the framework.

Framework Methodology

Detailed methodology and control rationale

Available

Certification Roadmap Template

Timeline and milestones for SOC 2/ISO

Available

Risk Assessment Framework

How we identify and quantify security risk

Available

AI Security Control Matrix

AI-specific controls and coverage mapping

Available

vCISO Transition Guide

How the framework prepares an organization for security leadership

Available

Request Investor Package

FAQ

Common Security Questions

Answers to questions we frequently receive during security reviews and due diligence.

How is client data protected during engagements?

All client data is encrypted at rest and in transit. We operate on a principle of minimum necessary access—consultants only access what's required for their specific deliverables. Client environments are never commingled, and all access is logged and auditable.

Do you have cyber insurance?

Yes. We maintain professional liability and cyber insurance coverage appropriate for our engagement scope. Details available under NDA during contracting.

How do you handle confidential information?

All engagements begin with a mutual NDA. Client information is classified and handled according to its sensitivity. We do not share client-specific information externally, and our team is bound by confidentiality obligations.

What happens to our data after an engagement ends?

Client data is retained for the agreed-upon period (typically 1 year for audit support), then securely deleted. Clients can request earlier deletion. Deletion is logged and confirmed in writing.

Can you support our security questionnaire process?

Yes. We maintain a pre-completed SIG Lite questionnaire and can support CAIQ, VSA, and custom questionnaires. For clients using the framework, we help them build their own questionnaire response capability.

How do you vet your team?

All team members undergo background checks and sign confidentiality agreements. We verify relevant certifications and maintain ongoing security awareness training requirements.

Security

Responsible Disclosure

We take security seriously. If you discover a security vulnerability, we want to hear from you.

Please report security vulnerabilities to security@[domain].com. We commit to acknowledging receipt within 24 hours and providing an initial assessment within 72 hours.

When reporting, please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Any suggested remediation

We do not pursue legal action against researchers who act in good faith and follow responsible disclosure practices.

Need Additional Documentation?

We're happy to provide additional security documentation for your due diligence process. Reach out with your specific requirements and we'll prepare the appropriate materials.