Maps to ISO 27001 and 42001
- Secure SDLC with code review, static analysis and dependency scanning
- SSO authentication with mandatory MFA for administrators
- Role- and group-based authorisation
- Audit log of all administrative actions and data access
- Audit log of sensitive data shared with external AI models
- Data validation and input sanitisation
- Penetration testing, annually and on major releases
- Vulnerability disclosure programme or bug bounty
- Version control and release notes
- Secrets management (no credentials in code)
- API rate limiting and abuse protection