Security & Compliance
Last Updated: December 2024
RiskAI is built with enterprise-grade security controls to meet the demands of regulated financial institutions. Our platform is designed to help you maintain the highest standards of security and compliance while accelerating your AI adoption.
ISO 27001 Compliant
GDPR Compliant
EU AI Act Ready
SOC 2 Type II Compliant
1. Security Governance
RiskAI maintains a comprehensive security governance framework that includes:
- Regular security assessments and penetration testing
- Security awareness training for all employees
- Incident response procedures and escalation protocols
- Vendor security assessments and monitoring
- Security metrics and reporting to executive leadership
2. Infrastructure Security
Cloud Hosting & Data Centers
Our platform is hosted on ISO 27001-certified cloud infrastructure with redundant data centers in the EU and US. We maintain multiple availability zones to ensure high availability and disaster recovery capabilities.
Network Security
We implement multiple layers of network security including firewalls, DDoS protection, and intrusion detection systems. All network traffic is monitored and logged for security analysis.
Physical Security
Our cloud providers maintain strict physical security controls including 24/7 monitoring, biometric access controls, and environmental controls to protect against physical threats.
3. Data Security
3.1 Encryption
- Data at Rest: AES-256 encryption for all stored data
- Data in Transit: TLS 1.3 encryption for all communications
- Key Management: encryption keys are stored and managed in a dedicated key management system
- Database Encryption: Transparent Data Encryption (TDE) for databases
3.2 Data Backup & Recovery
- Automated daily backups with point-in-time recovery
- Geographically distributed backup storage
- Regular backup testing and validation
- Recovery time objective (RTO) of 4 hours
- Recovery point objective (RPO) of 1 hour
4. Access Management
4.1 Authentication & Authorization
- Multi-factor authentication (MFA) for all user accounts
- Single Sign-On (SSO) support for enterprise customers
- Role-based access controls (RBAC)
- Just-in-time access provisioning
- Regular access reviews and privilege audits
4.2 Identity Management
- Centralized identity management system
- Automated user lifecycle management
- Integration with enterprise identity providers
- Session management and timeout controls
5. Application Security
5.1 Secure Development
- Secure coding practices and standards
- Static and dynamic code analysis
- Regular security code reviews
- Dependency vulnerability scanning
- Security testing in CI/CD pipeline
5.2 Vulnerability Management
- Regular vulnerability assessments
- Automated security scanning
- Patch management and deployment
- Security advisory monitoring
- Third-party security assessments
6. Monitoring & Logging
6.1 Security Monitoring
- 24/7 security operations center (SOC)
- Real-time threat detection and response
- Security information and event management (SIEM)
- Anomaly detection and behavioral analysis
- Automated incident response workflows
6.2 Audit Logging
- Comprehensive audit trails for all system activities
- Immutable log storage and retention
- User activity monitoring and analytics
- Compliance reporting and dashboards
- Log integrity verification
7. Incident Response
RiskAI maintains a comprehensive incident response program that includes:
- Dedicated incident response team
- Documented response procedures and playbooks
- Regular incident response exercises and training
- Customer notification procedures
- Post-incident analysis and lessons learned
8. Compliance & Certifications
8.1 International Standards
- ISO 27001: Information Security Management System
- ISO 23894: Risk Management for AI Systems
- ISO 42001: AI Management System
- SOC 2 Type II: Security, Availability, and Confidentiality
8.2 Regulatory Compliance
- GDPR: General Data Protection Regulation (EU)
- EU AI Act: European Union Artificial Intelligence Act
- CCPA: California Consumer Privacy Act
8.3 Industry Standards
- NIST AI Risk Management Framework: AI risk management best practices
- OECD AI Principles: International AI governance standards
- Basel Committee Guidelines: Banking sector AI governance
9. Client Responsibilities
While RiskAI provides a secure platform, clients are responsible for:
- Maintaining secure access to their accounts
- Ensuring data uploaded to the platform is authorized for processing
- Complying with applicable data protection laws
- Implementing appropriate security controls for their environment
- Regularly reviewing access permissions and user accounts
10. Security Documentation
RiskAI provides comprehensive security documentation including:
- Security whitepapers and technical specifications
- Compliance reports and certifications
- Security questionnaires and assessments
- Incident response procedures
- Security architecture documentation
11. Contact Information
For security-related inquiries, please contact:
Email: info@riskai.tech
For Security Incidents:
Email: incident@riskai.tech
This Security & Compliance information is regularly reviewed and updated to reflect our current security posture and compliance status.