FAQ & support
Answers to the most common questions. Still need help? Reach out and we'll respond quickly.
Getting started
What is AiVRIC?
Cloud security and compliance platform that maps controls to PCI DSS, SOC 2, CMMC L2, ISO 27001, and generates AI-driven remediation guidance.
Who is it for?
Security, compliance, and IT leaders at small, mid-market, and growth-stage enterprises running cloud or hybrid environments.
How do I try it?
Start a free Jumpstart or 14-day trial from Pricing; no card required. Connect one environment and follow the guided setup.
Deployment & integrations
Supported environments
AWS, Azure, GCP, with connectors for selected on-prem workloads.
Deployment options
Customer-hosted SaaS (Kubernetes) or self-managed Windows executable.
Multi-account/tenant
Monitor multiple accounts or projects from one console; group by BU, customer, or portfolio.
Integrations & APIs
Issue trackers, chat, SIEM, ticketing, and scoped APIs to export findings, configure guardrails, and manage workspaces.
Rollouts
Changes are staged and validated; updates announced via release notes and status comms.
Security & data protection
What data is collected?
Configuration metadata, security findings, vulnerability insights, and compliance telemetry needed for posture assessment.
Where is data stored?
Windows executable: stored locally. Customer-hosted SaaS: all data remains in your cloud account; you own residency and retention.
How is it protected?
Encryption in transit/at rest, RBAC, audit logging, secure SDLC, continuous monitoring; secrets stored with envelope encryption and rotation.
Production traffic?
Focuses on config and telemetry, not application payloads. Any deeper inspection is scoped and documented.
Compliance & frameworks
Framework coverage
Opinionated mappings for PCI DSS, SOC 2 TSC, CMMC L2, ISO/IEC 27001, plus baseline CIS/cloud-hardening benchmarks.
Audit prep
Centralizes findings, control coverage, and evidence; generate framework-specific reports and exportable summaries for assessors.
Features & capabilities
AI-powered remediation
Prioritized, context-aware guidance with suggested tickets, compensating controls, and playbooks aligned to findings.
Active testing
Posture, control validation, and scoped scanning only; formal penetration testing available via partners.
Tooling integrations
Ticketing, chat, SIEM, and SOAR connectors keep remediation in your existing operational flows.
Pricing & licensing
How pricing works
Subscription-based; scales with connected cloud accounts, assets, or environments. See Pricing for tiers.
Trial wrap-up
Convert to paid without losing data/config. If you opt out, data is retained or deleted per the data-retention policy and agreements.
Plan changes
Upgrades/downgrades typically at period end; enterprise changes coordinated with your account manager.
CloudSignals+RiskOps™
What is CloudSignals+RiskOps?
AiVRIC's continuous cloud security posture and compliance automation engine. It ingests configuration telemetry from connected cloud and SaaS providers, maps findings to compliance frameworks, scores risk, and surfaces AI-driven remediation guidance — updated every 24 hours.
Which cloud providers are supported?
AWS, Microsoft Azure, Google Cloud Platform, Kubernetes, GitHub, Microsoft 365, MongoDB Atlas, and Alibaba Cloud. See the Connectors guide for step-by-step setup instructions for each.
How often are scans run?
Automatically every 24 hours per connected provider. You can also trigger on-demand scans at any time from the provider card in Settings. Scan windows are configurable to avoid peak-traffic periods or change-freeze policies.
What compliance frameworks are supported?
SOC 2 Type II (all five TSC), PCI DSS v4.0, ISO/IEC 27001:2022, CMMC Level 2, CIS Benchmarks (L1 & L2), and NIST CSF 2.0. Evidence is captured automatically per scan for each enabled framework.
What credentials does AiVRIC need?
Read-only access only — AiVRIC never requires write access for monitoring. AWS uses IAM role assumption; Azure uses a Service Principal with Reader role; GCP uses a Service Account Key; Kubernetes uses a kubeconfig with read-only RBAC. Remediation roles are opt-in and separately scoped.
Can I run a one-time scan without enabling recurring scans?
Yes. Select Run a single scan during connector setup to perform a one-off audit without enabling the 24-hour recurring schedule. Useful for proof-of-concept assessments.
How are findings prioritized?
Findings are classified by severity (Critical, High, Medium, Low). The risk engine weights them by exploitability context, asset criticality, and control coverage gaps. AI-driven remediation steps are attached to each finding, including suggested ticket content and compensating controls.
Can I send findings to Slack, Jira, or my SIEM?
Yes. CloudSignals+RiskOps integrates with Slack, Microsoft Teams, Jira, ServiceNow, Splunk (via HEC), Microsoft Sentinel (via data connector), and any SIEM that accepts CEF syslog or JSON. Webhooks are available for custom endpoints. Configure in Settings > Notifications and Settings > Integrations.
How do I export evidence for auditors?
Generate framework-specific evidence bundles (SOC 2, PCI DSS, ISO 27001) from the Reports panel. Bundles include control status, supporting data, and a pass/fail summary. CSV and JSON exports are also available directly from the Findings panel or via the Findings API.
Can I manage policies as code?
Yes. The Policy API provides full programmatic control over rules, policy packs, and suppression entries. Policies are versioned and auditable; all changes are attributed to the author. Download the OpenAPI 3.0 spec from Settings > API.
Support & operations
Support options
Standard includes business-hours email; higher tiers add priority and extended hours plus onboarding and best-practice guidance.
Report a security issue
Email [email protected] with details. Please do not publicly disclose until we respond.
Request a demo
Book time via the demo request link or email [email protected].
Status & feedback
Severity-based SLAs govern response; ask your CSM for the status dashboard. We review feedback weekly for guide updates.