Documentation, audit reports, and ongoing assessment activity. Most reports are available under NDA upon request.
Annual audit covering security, availability, and confidentiality. Latest report: November 2025.
Information security management system certification. Recertification cycle: October 2026.
Operations aligned to HIPAA Security Rule for healthcare customer engagements. BAA available.
Operational practices that support customers operating PCI-DSS environments. Not a certified service provider.
Internal program mapped to the NIST Cybersecurity Framework, version 2.0. Annual self-assessment.
Cloud Security Alliance STAR registry, Level 2 third-party assessment.
UK government-backed certification covering core technical controls. For UK customer engagements.
In progress — authorization expected Q3 2026 for public sector engagements.
Data is segregated per customer, encrypted in transit and at rest, and retained only for the period documented in your master service agreement. We do not train models on customer data.
All personnel with customer data access undergo background checks and ongoing security awareness training. Access is least-privilege, time-bounded, and logged.
A current list of subprocessors is available on request. Material additions are notified to customers in advance with a right to object.
Service operations are designed for 99.9% availability with documented business continuity and disaster recovery procedures, tested annually.
We operate a coordinated vulnerability disclosure program. Reports may be sent to security@cyberci.co using PGP key 0x4F8B…
GDPR and CCPA aligned. DPA available. Customer data is processed only as instructed and within documented sub-processing relationships.
The following documents are available to current and prospective customers under NDA. Email trust@cyberci.co with your request.