Security at Phaidra
We take compliance seriously
Phaidra specializes in production-quality AI for mission-critical facilities.
Phaidra maintains a SOC 2 Type 2 report to ensure our security posture and implemented security controls meet the rigorous standards created by the American Institute of CPAs (AICPA).
ISO/IEC 27001:2013 Certification
Phaidra has obtained ISO/IEC 27001:2013 certification through the ANSI National Accreditation Board (ANAB), which demonstrates our commitment to the implementation, maintenance, and continuous improvement of an information security management system (ISMS) and speaks to the mature state of Phaidra's information security management program.
Organization & Governance
At Phaidra, we're committed to Information Security because we know the importance of security and data protection to our customers and stakeholders. Phaidra's Security Program includes key policies and procedures:
Access Control - Asset Management - Business Continuity and Disaster Recovery Plan - Code of Conduct - Cryptography - Data Management - Human Resource Security - Incident Response Plan - Information Security (AUP) - Information Security Roles and Responsibilities - Operations Security - Physical Security - Risk Management - Secure Development - Third-Party Management
Phaidra encrypts data at rest and in transit for all of our customers. We use tools like Google Cloud Platform (GCP) Key Management Service to manage encryption keys using hardware security modules for maximum security in line with industry best practices. Data in transit is encrypted at minimum using TLS 1.2 with a restricted list of cipher suites.
Only specific employees with authorized credentials can access your data. No data is stored locally on employee workstations.
Phaidra regularly engages in third-party penetration testing. Penetration testers evaluate the source code, running application, and the deployed environment.
Phaidra also uses comprehensive DevSecOps tooling from GitLab and other vendors, such as integrated security testing within the CI/CD pipeline, AppSec, and Compliance tooling, to secure our product at every step of the development process.
We take security very seriously and have strictly defined access control, information security and development practices. We follow the principle of least privilege and role-based access control, enforced via the Google IAM service.
Access to Phaidra's production environment is restricted by default and is granted only for required business use. All platform access is audit-trailed. Phaidra also uses GCP KMS and Secrets Manager for protecting all internal keys, secrets and sensitive data.
AI Transparency & Explainability
Nobody trusts a black box. We've spent the past decade developing ways to illustrate not only what the AI is currently doing, but also how it's performed historically and what it's planning into the future. In our experience, maximizing transparency (i.e. turning the black box into a white box) is key to building trust with plant operators.