At Phaidra, we're committed to Information Security because we know the importance of security and data protection to our customers and stakeholders. Phaidra's Security Program includes key policies and procedures:

Access Control - Asset Management - Business Continuity and Disaster - Recovery Plan - Code of Conduct - Cryptography - Data Management - Human Resource Security - Incident Response Plan - Information Security (AUP) - Information Security Roles and Responsibilities - Operations Security - Physical Security - Risk Management - Secure Development - Third-Party Management

Phaidra encrypts data at rest and in transit for all of our customers. We use tools like Google Cloud Platform (GCP) Key Management Service to manage encryption keys using hardware security modules for maximum security in line with industry best practices. Data in transit is encrypted at minimum using TLS 1.2 with a restricted list of cipher suites.

Only specific employees with authorized credentials can access your data. No data is stored locally on employee workstations.

Phaidra regularly engages in third-party penetration testing. Penetration testers evaluate the source code, running application, and the deployed environment.

Phaidra also uses comprehensive DevSecOps tooling provided by GitLab and other vendors such as integrated security testing within the CI/CD pipeline, AppSec, and Compliance tooling to secure our product at every step of the development process.

We take security very seriously and have strictly defined access control, information security and development practices. We follow the principle of least privilege and role based access control, enforced via the Google IAM service.

Access to Phaidra's production environment is restricted by default and is granted only for required business use. All platform access is audit-trailed. Phaidra also uses GCP KMS and Secrets Manager for protecting all internal keys, secrets and sensitive data.

Nobody trusts a black box. We've spent the past decade developing ways to illustrate not only what the AI is currently doing, but also how it's performed historically and what it's planning into the future. In our experience, maximizing transparency (i.e. turning the black box into a white box) is key to building trust with plant operators.