Defines the baseline risk posture of our systems, including data sensitivity, access levels, and third-party dependencies. This profile informs control selection and prioritization across the security program.

• Data Access LevelInternal
• Impact LevelLow
• Third Party DependenceNo

Documents the formal rules governing system use, access, and security practices. These policies create a consistent foundation for compliant and secure operations across the organization.

• Acceptable Use Policy
• Access Control Policy
• Auditor Principles

Outlines the technical controls embedded in our platforms to protect users and their data. Covers authentication, access control, encryption, and architecture.

• Audit Logging
• Data Security
• Integrations

Establishes governance and oversight for AI systems, including risk management, third-party evaluation, and responsible employee use. Ensures AI is deployed in a controlled, transparent, and accountable manner.

• AI Risk Management
• Responsible AI Statement
• Third-Party AI Diligence

Outlines the legal and contractual frameworks that support compliance, including audit rights, insurance coverage, and third-party agreements. Provides structural assurance for accountability and risk transfer.

• Customer Audit Rights
• Cyber Insurance
• Master Services Agreement

Describes how identity, authentication, and access are managed across all systems. Covers Google Workspace SSO, MFA enforcement, least privilege, lifecycle management, and access transparency controls.

• Internal SSO
• Directory & Lifecycle Management
• Admin Role Segregation

Documents our commitments to ethical business conduct, environmental stewardship, and social responsibility. Covers anti-bribery, code of ethics, diversity and inclusion, fair labor, and sustainability initiatives.

• Anti-Bribery and Corruption
• Code of Ethics
• Community Involvement

Defines the processes for identifying, reporting, and managing security incidents. Ensures timely containment, investigation, and resolution to minimize impact and maintain trust.

• Incident Reporting
• Privacy Incident Response
• Regulatory Notification

Describes the structured approach to identifying, assessing, and mitigating risks across systems and data. Includes ongoing evaluation of internal operations and external dependencies.

• Data Access/Impact Levels
• Risk Assessments
• Supply Chain Risk Management

Outlines our commitments to protecting personal data and honoring individual privacy rights. Covers breach notification, data subject requests, privacy impact assessments, and our designated Data Privacy Officer.

• Cookies
• Data Breach Notifications
• Employee Privacy Training

Provides visibility and control over organizational assets through tracking, classification, and automated discovery. Ensures all assets are properly managed and secured throughout their lifecycle.

• Asset Tracking
• Automated Asset Detection
• Asset Classification

Ensures operational resilience through defined continuity plans and recovery strategies. Supports the ability to maintain or quickly restore critical services during disruptions.

• Alternate Processing/Storage Site
• Business Continuity Program

Equips employees with the knowledge required to handle data securely, recognize risks, and use AI responsibly. Reinforces a culture of security and privacy through structured onboarding and ongoing annual education.

• Employee Privacy Training
• Security Awareness Training
• AI Risk Training

Assessed Intelligence is a fully remote workforce. This document describes the physical security controls and environmental safeguards protecting our infrastructure. Covers access controls, surveillance, environmental monitoring, and secure media handling.

• Data Center Physical Access Controls
• Environment Controls
• Safety & Security

Covers the controls used to protect data throughout its lifecycle from classification and encryption to backup, erasure, and secure handling of sensitive information across all storage and transit environments.

• Access Monitoring
• Certificates of Destruction
• Data Asset Classification

Covers the operational security controls governing our infrastructure, endpoints, networks, and corporate systems. Includes continuous monitoring, change management, vulnerability management, and security tooling across our environment.

• Email Protection
• Employee Handbook & Acceptable Use
• Employee Training

Documents the controls protecting company devices from malware, unauthorized access, and data loss. Covers EDR, disk encryption, DNS filtering, mobile device management, and host-based security across all endpoints

• Anti-Malware
• Disk Encryption
• Mobile Device Management

Describes the cloud infrastructure and platform security controls underpinning our services. Covers Firebase and GCP architecture, network segmentation, backup and recovery, workload protection, and environment isolation.

• Infrastructure Authentication
• Infrastructure Security Rules
• Infrastructure Cloud Functions IAM