Frequently Asked Questions

This FAQ covers the most common questions about the AiVRIC security and compliance platform, including deployment, data handling, pricing, and support. For anything not covered here, you can reach the team at [email protected].

Getting Started

1. What is AiVRIC?

AiVRIC is a cloud-security and compliance platform that continuously analyzes your cloud and hybrid environments, identifies risk, maps controls to frameworks such as PCI DSS, SOC 2, CMMC L2, and ISO 27001, and provides AI-driven remediation guidance to help you close gaps faster.

2. Who is AiVRIC designed for?

AiVRIC is built for security, compliance, and IT leaders in small, mid-market, and growth-stage enterprises that operate in cloud or hybrid environments and must demonstrate strong security and regulatory compliance to customers, partners, regulators, and auditors.

3. How do I start a free trial?

You can start a 14-day free trial directly from the Pricing page by selecting a plan and creating an account. No credit card is required for the initial trial. Once your account is created, you will be guided through connecting your first environment.

Deployment and Integrations

4. Which environments does AiVRIC support?

AiVRIC is optimized for cloud and hybrid deployments. Current support includes major public cloud providers (for example, AWS, Microsoft Azure, and Google Cloud Platform) and can extend to select on-premises workloads through connectors and API-based integrations.

5. How is AiVRIC deployed?

AiVRIC offers two flexible deployment options designed to meet the security, data-ownership, and operational requirements of modern organizations:

1. Local Windows Executable (Self-Managed):

   AiVRIC can be deployed as a locally installed Windows executable, storing all data on the customer's device or internal systems. This model provides full control over data residency and allows customers to integrate their preferred AI provider by supplying their own API keys. Licensing is provided on an annual subscription basis.

2. Customer-Hosted SaaS (Kubernetes Deployment):

   AiVRIC is also available as a containerized SaaS solution deployed directly into the customer's cloud environment via a dedicated Kubernetes cluster. This deployment model ensures customers retain complete ownership of all configuration and security telemetry generated by the platform. The SaaS environment is licensed annually and operates fully within the customer's controlled cloud environment, ensuring security, compliance, and operational alignment with internal policies.

6. Does AiVRIC support multi-account or multi-tenant environments?

Yes. AiVRIC is designed to monitor multiple cloud accounts, subscriptions, or projects from a single console. You can group environments by business unit, portfolio company, or customer tenant and apply policies, reporting, and access controls accordingly.

Security and Data Protection

7. What type of data does AiVRIC collect?

AiVRIC collects configuration metadata, security findings, vulnerability insights, and compliance-related telemetry required to assess risk and control posture. For the Windows Executable, all data remains stored locally within the customer's environment and does not leave the device unless the customer chooses to export or synchronize it. For the Customer-Hosted SaaS (Kubernetes) deployment, all data is generated, stored, and processed entirely within the customer's cloud environment�ensuring the customer maintains full control over data residency, retention, and access.

8. Where is AiVRIC data stored?

Data storage is determined by the customer's chosen deployment model:

1. Windows Executable (Self-Managed):

   All data is stored locally on the customer's device or internal systems, with no external transmission unless initiated by the customer.

2. Customer-Hosted SaaS (Kubernetes Cluster):

   AiVRIC is deployed into the customer's own cloud account (AWS, Azure, or GCP). All configuration, scan results, and analytics data remain within the customer-controlled cloud environment. The customer owns all data generated by the platform.

This model provides complete data-sovereignty and supports any region where the customer operates.

9. How does AiVRIC protect my data?

AiVRIC implements layered security controls, including encryption in transit and at rest, role-based access control, audit logging, secure software development practices, and continuous monitoring of the platform. Additional information can be provided under NDA as part of a detailed security and compliance review.

10. Does AiVRIC access production traffic or customer content?

By default, AiVRIC focuses on configuration and security telemetry rather than application payload data. In situations where deeper inspection is required (for example, for certain vulnerability checks), this will be clearly documented and scoped to minimize exposure of sensitive content.

Compliance and Framework Coverage

11. Which frameworks and standards does AiVRIC support?

AiVRIC provides opinionated mappings and control views for commonly used frameworks, including:

• PCI DSS
• SOC 2 Trust Services Criteria
• CMMC Level 2
• ISO/IEC 27001
• Baseline CIS and cloud-hardening benchmarks

Additional frameworks and industry overlays can be configured for enterprise customers.

12. Can AiVRIC help with audit preparation?

Yes. AiVRIC centralizes findings, control coverage, and evidence, making it easier to prepare for assessments. You can generate framework-specific reports, export evidence summaries, and track remediation progress for use with auditors, assessors, and stakeholders.

Features and Capabilities

13. What is �AI-powered remediation� in AiVRIC?

AiVRIC uses AI to analyze findings across your environments and generate prioritized, context-aware remediation guidance. Recommendations can include configuration changes, compensating controls, and suggested tickets that can be pushed to your IT or DevOps workflows.

14. Does AiVRIC perform active penetration testing?

AiVRIC focuses on configuration analysis, posture assessment, and control validation. Where active scanning is used, it is scoped to approved targets and designed not to disrupt production services. Formal penetration testing engagements may be available through AiVRIC partners and professional services.

15. Can AiVRIC integrate with my existing tools?

Yes. AiVRIC can integrate with issue-tracking platforms, collaboration tools, SIEMs, and ticketing systems so that findings and remediation tasks flow into your existing operational processes. Specific integrations may vary by plan and roadmap; enterprise customers can request additional connectors.

Pricing and Licensing

16. How is AiVRIC priced?

AiVRIC pricing is subscription-based and typically scales with the number of cloud accounts, assets, or environments you connect. The pricing tiers on the Pricing page outline core packages, and enterprise pricing is available for organizations with customized requirements.

17. What happens at the end of my free trial?

At the end of your trial, you can convert to a paid subscription without losing data or configuration. If you choose not to continue, your account will be deactivated and data will be retained or deleted according to our data-retention policy and any applicable agreements.

18. Can I upgrade or downgrade my plan?

In most cases you can adjust your plan at the end of your current billing period or as permitted by your subscription agreement. For enterprise customers, plan adjustments are coordinated through your account manager.

Support and Operations

19. What support options are available?

Standard subscriptions include business-hours email support, access to product documentation, and platform announcements. Higher tiers include priority support, extended support hours, and access to AiVRIC experts for onboarding and best-practices guidance.

20. How do I report a security issue or vulnerability in AiVRIC?

If you believe you have identified a security issue in the AiVRIC platform, please contact us immediately at [email protected] with a detailed description. Do not publicly disclose potential vulnerabilities until our team has had an opportunity to investigate and respond.

21. How can I request a demo or speak with the AiVRIC team?

You can request a live demonstration or strategy conversation by completing the form on the Contact page or by emailing [email protected]. Our team will coordinate time with you based on your preferred schedule and use cases.

Still have questions? Reach out to [email protected] and we will be glad to help.