Backups and restore coverage

AiVRIC takes encrypted daily snapshots of production services, aligned with the controls described in the Trust Center. Backup jobs are monitored and restores are periodically tested to validate recovery points and recovery time objectives.

  • Encrypted backups with key management aligned to Cryptographic Operations.
  • Daily snapshots with integrity checks; retention follows the Data Retention Policy.
  • Restore testing cadence: regular drills with ticketed evidence logged for audit.

For more detail on how backups intersect with access control, logging, and incident response, see the relevant policy summaries in this catalog.

Data Retention Policy

Retention aligns to business need, compliance, and customer configuration. Backups and logs are purged on schedule after rotation.

  • Customer data retention configurable per workspace; defaults align to SOC 2 evidence windows.
  • Backups inherit encryption and are deleted after retention; logs are preserved for investigations, then purged.
  • Deletion and subject rights handled per Data Retention Policy and Privacy Policy.

Encryption in transit

Strong transport encryption for service-to-service and customer connections.

  • TLS 1.2+ with modern cipher suites.
  • Mutual TLS available for sensitive control-plane flows.
  • Transport security headers applied where applicable.
  • Certificate lifecycle managed per Cryptographic Operations.

Encryption at rest

Data and backups are encrypted at rest with managed keys and role-based key custody.

  • AES-256 or better for managed storage.
  • Logical segregation of customer data.
  • Key management via KMS/HSM with dual control.
  • Customer-managed keys supported where required.

Access Control

Least-privilege model for workforce, platform, and connectors.

  • SSO/MFA enforced.
  • RBAC and separation of duties for privileged actions.
  • Quarterly access reviews.
  • Scoped API/connector credentials and secrets rotation.

Logging & Monitoring

Centralized logging and alerting for security-relevant events with export support.

  • Auth, admin, config, and connector events logged.
  • Alerts on privileged actions.
  • Retention aligned to investigations; customers can export to SIEM.

Incident Response Playbook

Defined severities, on-call rotations, and customer notification triggers.

  • Containment/eradication runbooks with evidence preservation from logging systems.
  • Post-incident reviews with ticketed remediation and tracked actions.

Secure Engineering & Architecture

Guidance for secure SDLC, reviews, and approved patterns.

  • Security design reviews for new features and integrations; patterns documented and approved.
  • Code scanning, dependency management, and change control practices to reduce risk.

Vulnerability & Patch Management

Scan, prioritize, and remediate vulnerabilities with defined SLAs.

  • Regular scanning and prioritization by severity/business impact.
  • Patch and remediation SLAs tracked with evidence; exceptions require approval.

Threat Management

Threat intel, modeling, and readiness exercises.

  • Threat modeling for high-risk services and connectors; findings drive control updates.
  • Readiness exercises and playbooks to validate detection and response capabilities.