Trust Center
We are committed to operationalizing data privacy, security, and AI governance, not as abstract principles but as auditable, measurable practices embedded in how our systems are designed, deployed, and monitored.
This Trust Center provides transparency into our security posture, risk management approach, and the controls we implement to ensure responsible use of data and AI. Our focus extends beyond compliance checklists to continuous assurance, aligning technical safeguards, organizational processes, and accountability mechanisms with evolving regulatory and ethical expectations.
We believe trust is not claimed, it is demonstrated through verifiable controls, clear documentation, and ongoing scrutiny.
We adhere to recognized industry standard frameworks, integrating them into a unified governance model grounded in the ARISE Framework that supports both compliance and operational resilience.
Our approach emphasizes:
Alignment with leading security and privacy standards
Monitoring and control validation
Risk-based assessment of systems and data processing activities
Documentation and auditability of key controls and decisions
Rather than treating compliance as a static process, we maintain a program that continually evolves alongside emerging threats, regulatory developments, and advances in AI capability.
Security & Compliance Program
Defines the baseline risk posture of our systems, including data sensitivity, access levels, and third-party dependencies. This profile informs control selection and prioritization across the security program.
Establishes governance and oversight for AI systems, including risk management, third-party evaluation, and responsible employee use. Ensures AI is deployed in a controlled, transparent, and accountable manner.
Outlines the legal and contractual frameworks that support compliance, including audit rights, insurance coverage, and third-party agreements. Provides structural assurance for accountability and risk transfer.
Documents the formal rules governing system use, access, and security practices. These policies create a consistent foundation for compliant and secure operations across the organization.
Defines the processes for identifying, reporting, and managing security incidents. Ensures timely containment, investigation, and resolution to minimize impact and maintain trust.
Describes the structured approach to identifying, assessing, and mitigating risks across systems and data. Includes ongoing evaluation of internal operations and external dependencies.
Provides visibility and control over organizational assets through tracking, classification, and automated discovery. Ensures all assets are properly managed and secured throughout their lifecycle.
Ensures operational resilience through defined continuity plans and recovery strategies. Supports the ability to maintain or quickly restore critical services during disruptions.
Equips employees with the knowledge required to handle data securely and recognize risks. Reinforces a culture of security and privacy through ongoing education and awareness programs.