TRUST

Security built for regulated industries

Enterprise-grade security controls, UK data residency, and comprehensive compliance frameworks. Designed to meet the demands of financial services, healthcare, and legal sectors.

ISO 27001:2022 · ISO 9001 · Cyber Essentials · GDPR

Independently certified

Our security controls are validated through external audits and recognised certification bodies.

ISO 27001:2022

Information security management certified to the 2022 standard, including AI-specific controls for cloud services and source code access.

  • Annex A 5.23: Cloud services security
  • Annex A 8.4: Source code access controls
  • Annex A 8.9: Configuration management
  • Annual external audits

ISO 9001

Quality management system certification demonstrating consistent service delivery and continuous improvement processes.

  • Documented processes
  • Regular management reviews
  • Customer feedback integration
  • Continuous improvement

Cyber Essentials Plus

UK government-backed certification verifying protection against common cyber threats through tested technical controls.

  • Firewall configuration
  • Secure system settings
  • Access control verification
  • Malware protection

GDPR Compliance

Full compliance with UK GDPR and the Data Protection Act 2018, with documented data processing agreements and subject rights procedures.

  • Data Processing Agreements
  • Subject access request handling
  • Data retention policies
  • Breach notification procedures

Security controls for AI systems

ISO 27001:2022 controls specifically addressing AI governance, supply chain security, and data protection.

01

Cloud Services Security

ISO 27001 Annex A 5.23

Granular configuration control over AI APIs with documented sub-processor relationships. Zero data retention policies active by default for all inference operations.

02

Source Code Protection

ISO 27001 Annex A 8.4

Role-based access with mandatory code review for all changes. Multi-factor authentication enforced across all repositories with continuous audit logging.

03

Configuration Management

ISO 27001 Annex A 8.9

System prompts and model configurations treated as infrastructure-as-code. All changes follow formal change management with safety regression testing.

04

Threat Intelligence

ISO 27001 Annex A 5.7

AI-specific threat monitoring using MITRE ATLAS framework. Rapid integration of new prompt injection and jailbreak defences into input validation layers.

05

Data Masking

ISO 27001 Annex A 8.11

PII redaction before inference using named entity recognition. Reduces exposure risk by ensuring models process only necessary information.

06

Access Control

ISO 27001 Annex A 5.15

Organisation-level permissions with role-based access. Complete audit trails for all document access and AI interactions.

Controls aligned with ISO/IEC 27001:2022 Annex A and NCSC Guidelines for Secure AI System Development.

Data sovereignty

Your data remains under your jurisdiction. UK residency by default, with options for complete infrastructure isolation.

Infrastructure hosted in PASF-accredited facilities suitable for law enforcement and public sector workloads.

01

UK Data Residency

All data processed and stored within UK data centres. AWS eu-west-2 (London) with PASF accreditation for Official-Sensitive workloads.

02

Zero Data Retention

Stateless processing architecture where data exists in memory only during inference. No customer data used for model training.

03

Encryption Standards

AES-256 encryption at rest, TLS 1.3 in transit. Customer-managed keys available for organisations requiring full key control.

04

Private Deployment

On-premise and private cloud options for organisations requiring air-gapped environments. Full platform capability within your infrastructure.

AI-specific security

Defences against adversarial machine learning attacks, built on the MITRE ATLAS framework and OWASP AI Security guidance.

Threat

Prompt Injection

Malicious instructions embedded in documents attempting to manipulate AI behaviour.

Defence

Input validation layers scan for injection patterns. System instructions prioritised over document content. Sandboxed execution prevents external access.

Threat

Data Poisoning

Attempts to corrupt model behaviour through malicious training data.

Defence

Cryptographic hashing of all training data. No ingestion of unverified public datasets. Anomaly detection monitors for distribution shifts.

Threat

Model Extraction

High-volume querying to replicate model capabilities or extract training data.

Defence

Rate limiting on all API endpoints. Output smoothing prevents confidence score leakage. Differential privacy techniques protect individual data points.

MITRE ATLAS · OWASP AI Security · NCSC Secure AI Development

Enterprise compliance

Pre-mapped responses to standard procurement frameworks and sector-specific regulatory requirements.

SIG 2025

Standardised Information Gathering questionnaire responses available, including the new AI Risk and Operational Resilience domains.

CAIQ v4

Cloud Security Alliance Consensus Assessment responses covering AI-specific controls and published to the CSA STAR registry.

FSQS

Financial Supplier Qualification System registration for streamlined procurement with UK banking institutions.

Sector-specific documentation

Financial Services

  • FCA regulatory alignment
  • PRA SS2/21 exit strategies
  • DORA compliance support
  • SM&CR explainability reports

Healthcare

  • NHS DSPT toolkit compliance
  • DCB0129 clinical safety documentation
  • Caldicott Principles adherence
  • MHRA AIaMD guidance alignment

Legal

  • SRA Code of Conduct alignment
  • Legal professional privilege protection
  • Practice Direction 57AD support
  • Zero-retention architecture

Ready to discuss your requirements?

Our team can provide detailed security documentation, complete questionnaire responses, and arrange technical deep-dives with your security team.