logo-mark

Cookie Settings

We use cookies to operate this website, improve usability, personalize your experience and improve our marketing. Your privacy is important to us. Privacy Policy.

about-us-icon

Security at Phaidra

We take compliance seriously

logo-morsecode

Phaidra specializes in production-quality AI for mission-critical facilities.

SOC 2 Type 2 Report

soc

Phaidra has completed SOC 2 Type 2 auditing and attestation to ensure our security posture and implemented security controls meet the rigorous standards created by the American Institute of CPAs (AICPA). The SOC 2 Type 2 report is available for customers and potential customers upon request.

line-break

ISO/IEC 27001:2013 Certification

iso

Phaidra has obtained ISO/IEC 27001:2013 certification through the ANSI National Accreditation Board (ANAB) which demonstrates our commitment to the implementation, maintenance, and continuous improvement of an information security management system (ISMS) and speaks to the mature state of Phaidra's information security management program.

line-break

Organization & Governance

At Phaidra, we're committed to Information Security because we know the importance of security and data protection to our customers and stakeholders. Phaidra's Security Program includes key policies and procedures:

Access Control - Asset Management - Business Continuity and Disaster - Recovery Plan - Code of Conduct - Cryptography - Data Management - Human Resource Security - Incident Response Plan - Information Security (AUP) - Information Security Roles and Responsibilities - Operations Security - Physical Security - Risk Management - Secure Development - Third-Party Management

line-break

Data Security

Phaidra encrypts data at rest and in transit for all of our customers. We use tools like Google Cloud Platform (GCP) Key Management Service to manage encryption keys using hardware security modules for maximum security in line with industry best practices. Data in transit is encrypted at minimum using TLS 1.2 with a restricted list of cipher suites.

Only specific employees with authorized credentials can access your data. No data is stored locally on employee workstations.

line-break

Application Security

Phaidra regularly engages in third-party penetration testing. Penetration testers evaluate the source code, running application, and the deployed environment.

Phaidra also uses comprehensive DevSecOps tooling provided by GitLab and other vendors such as integrated security testing within the CI/CD pipeline, AppSec, and Compliance tooling to secure our product at every step of the development process.

line-break

Infrastructure Security

We take security very seriously and have strictly defined access control, information security and development practices. We follow the principle of least privilege and role based access control, enforced via the Google IAM service.

Access to Phaidra's production environment is restricted by default and is granted only for required business use. All platform access is audit-trailed. Phaidra also uses GCP KMS and Secrets Manager for protecting all internal keys, secrets and sensitive data.

line-break

AI Transparency & Explainability

Nobody trusts a black box. We've spent the past decade developing ways to illustrate not only what the AI is currently doing, but also how it's performed historically and what it's planning into the future. In our experience, maximizing transparency (i.e. turning the black box into a white box) is key to building trust with plant operators.

Phaidra Logo
linkedin

Subscribe to our blog

Stay connected with our insightful systems control and AI content.

You can unsubscribe at any time. For more details, review our Privacy Policy page.

© 2024 Phaidra, Inc. All Rights Reserved.
Alfred