SECURITY

Security at Critical AI

Critical AI is a cloud-hosted cybersecurity and compliance platform designed with security as a foundational principle. We implement secure software development practices aligned with the OWASP Application Security Verification Standard (ASVS) Level 1.

Secure Development
Our platform follows secure coding and code review practices. All production changes undergo review before deployment. We perform dependency vulnerability monitoring and patch management on an ongoing basis.

Infrastructure Security
Critical AI is hosted on Google Cloud Platform. The platform benefits from Google’s globally certified infrastructure, including physical security, network protection, and encryption at rest.

Access Control
Administrative access to production systems is restricted to authorised personnel and protected by multi-factor authentication. Role-based access controls are enforced within the platform.

Encryption
All data is encrypted in transit using TLS 1.2 or higher. Data stored within the platform is encrypted at rest using cloud provider encryption mechanisms.

Logging & Monitoring
Security and operational events are logged and monitored. Access to administrative actions is auditable.

Backups & Recovery
Regular backups are performed and recovery procedures are tested periodically.

Vulnerability Disclosure
We support responsible disclosure of security vulnerabilities.

Report security issues to:
security@criticalai.com.au

We will acknowledge reports within 48 hours.