AiVRIC User Guide
Security policy

Web Security

Protects AiVRIC web applications and APIs against common threats.

Applies to AiVRIC workforce, partners, and subprocessors.

Purpose & scope

This policy guides how AiVRIC designs, operates, and validates Web Security across production, corporate, and partner environments.

It applies to employees, contractors, vendors, and any system interacting with AiVRIC data or services.

Key controls

  • Implement input validation, output encoding, and strong authentication.
  • Use HTTPS everywhere with modern TLS; enforce HSTS and secure cookies.
  • Enable WAF protections and rate limiting for public endpoints.
  • Conduct regular AppSec testing (SAST/DAST) and fix findings within SLA.

Operating procedures

  • Add security tests to CI pipelines and block releases on critical findings.
  • Review auth/authorization flows for new features.
  • Monitor for abuse patterns and tune WAF rules accordingly.

Evidence & ownership

Owner: Security & Compliance. Review cadence: annually or after material changes.

Evidence: Collected via AiVRIC audit logs, ticketing systems, monitoring dashboards, and vendor records as appropriate to this policy area.

Contact: [email protected]