1. Our Security Principles
- Zero-Trust by Design: Every request authenticated, every response verified.
- Least Privilege: Access is granular, time-bound, and auditable.
- Defense in Depth: Layered controls across identity, network, application, and data.
- Evidence over Assumptions: Integrity Chains™ and Digital Witness™ modules ensure verifiable trust.
2. Frameworks & Standards
Our security architecture aligns with internationally recognised standards and regulatory frameworks, including:
- ISO/IEC 27001 (Information Security Management)
- ISO/IEC 27018 (Cloud Privacy)
- NIST Cybersecurity Framework
- EU NIS2 Directive & DORA for financial services
- GDPR and the Liechtenstein Data Protection Act
3. Core Controls
- Encryption: TLS 1.3 in transit, AES-256 at rest, hardware-backed key management.
- Identity & Access Management: MFA, adaptive policies, and continuous verification.
- Integrity Chains™: Immutable audit trails for deployments, model training, and access events.
- Digital Witness™: Real-time compliance telemetry and policy enforcement.
4. Security Operations
Our Security Operations Cell in Liechtenstein monitors systems 24/7 for anomalies, policy drift, and threat indicators. Incident response is codified in runbooks aligned with ISO 22301 and NIST SP 800-61.
5. Compliance & Certifications
We maintain and continuously improve our Information Security Management System (ISMS) in line with ISO/IEC 27001. Independent audits and penetration tests validate our controls. Additional certifications and attestations are available upon request under NDA.
6. Shared Responsibility
Security is a shared responsibility. While we provide hardened architectures and governance frameworks, clients must enforce complementary controls within their operational scope. We provide guidance and playbooks to support this alignment.