Security

AIQCAT operates an information security management system (ISMS) aligned with ISO/IEC 27001. Certification is being pursued; no third-party attestation has been issued yet.

ISMS in operation, aligned with ISO/IEC 27001 · Certification being pursued

ISO/IEC 27001

ISMS in operation, certification in process.

AIQCAT operates an ISMS aligned with the ISO/IEC 27001 control set, in active use across access control, change management, supplier risk, incident response, and business continuity. A formal certification audit is being arranged with an accredited certification body. Until the certificate is issued, AIQCAT does not describe itself as "certified" or "compliant."

ISO/IEC 27001 — aligned · Certification — in process · GDPR / UK GDPR / APPI

Controls

What we operate.

Encryption in transit

TLS 1.3 with HSTS and modern cipher suites only.

Encryption at rest

AES-256 with per-tenant envelope encryption.

Identity & access

SSO (SAML 2.0, OIDC). MFA required for administrative access.

Network

Private cloud per tenant tier; no public ingress to the grading environment.

Logging & monitoring

Centralised logging with immutable audit trails retained 12 months.

Vulnerability management

Continuous scanning; critical issues patched on a defined SLA.

Endpoint

Managed devices with mandatory disk encryption.

Personnel

Background checks and annual security training for all staff.

Incident response

If something goes wrong.

AIQCAT operates a documented incident-response plan with a severity rubric. Confirmed data-exposure events are notified to affected customers without undue delay, followed by a root-cause report.

T1

Critical

Confirmed data exposure or material integrity event — immediate mobilisation and prompt customer notification.

T2

High

Availability degradation or near-miss — notification and a published post-incident review.

T3

Standard

Operational issue with no customer-data impact — tracked in the operations digest.

Responsible disclosure

Report a vulnerability.

Researchers acting in good faith are protected under the AIQCAT safe-harbour policy. Submit findings to security@aiqcat.org; we acknowledge within one business day and credit qualifying reports.

Security disclosures
security@aiqcat.org