Security & Trust

Security & Trust

If you're evaluating Integrated AIS as part of a security review, vendor due diligence process, or procurement questionnaire, this page sets out how we approach data protection and secure deployment. It is written for CISOs, information security teams, and procurement — if something you need isn't covered here, our team can provide further detail directly.

Data protection posture

Our approach to data protection is built around encryption, least privilege, and minimising what we hold — applied consistently across every engagement, not tailored on a case-by-case basis.

Encryption in transit and at rest

Data exchanged between your systems and any Integrated AIS-managed infrastructure is encrypted in transit using current TLS standards. Data at rest — including any client data processed or stored as part of a deployment — is encrypted using industry-standard algorithms, with encryption keys managed and rotated separately from the data they protect.

Access controls and least privilege

Access to client environments, systems, and data is granted on a least-privilege, need-to-know basis and reviewed on a regular schedule. Every account is individually attributable — we do not use shared logins — and multi-factor authentication is required for any administrative or privileged access. Access is revoked as soon as a team member's role changes or their involvement in an engagement ends.

Segregation and data minimisation

Client data, models, and configurations are kept logically separate between engagements. We agree data handling, storage, and retention terms with every client before any data is processed, and we collect and retain only what is required to deliver the agreed scope of work.

Monitoring and incident response

We maintain logging and monitoring proportionate to the sensitivity of each deployment, and operate a documented incident response process so that any suspected security event is identified, contained, and communicated to affected clients without unnecessary delay.

Secure & on-premises / air-gapped deployment

For regulated industries and sovereign or defence-adjacent organisations, the greatest AI risk is rarely the model itself — it's the data path around it. Where a client's requirements call for it, we design and deploy AI systems entirely within the client's own infrastructure, with no dependency on external APIs or third-party cloud inference.

In a fully air-gapped deployment, models, data, and inference all run inside a network boundary with no connection to the public internet, so data cannot leave the environment even in principle. This matters most where data sovereignty, classification requirements, or contractual confidentiality make any external data path unacceptable, regardless of how well that path is secured.

Secure and on-premises deployment is a core part of how we design systems from the outset, not an option applied afterwards to something built on public cloud infrastructure. We work within a client's existing security architecture, hardware, and approval processes, rather than asking them to adopt new infrastructure to accommodate us.

Certifications & assurance

We are working towards independent verification of the practices described above. Each certification or framework below is in progress and will be linked to supporting evidence — certificates, audit reports, or assessment summaries — before it is referenced anywhere else on this site.

ISO 27001 (in progress)

Information security management systems.

ISO/IEC 42001 (in progress)

AI management systems.

Cyber Essentials (in progress)

UK government-backed cyber hygiene baseline.

None of the above should be read as a current claim of certification. This section will be updated, with evidence linked, before it is relied upon by any client, partner, or procurement process.

Need more detail for your risk assessment?

If you're running a vendor security review, due diligence process, or procurement questionnaire, our team can provide architecture diagrams, data flow documentation, and direct answers to your specific questions.

Contact our team about security