← Back to Home

Security Practices

Last updated: 26 October 2025

1. Our Security Commitment

At Sovrush, security is fundamental to everything we do. As a sovereign AI platform handling sensitive data and mission-critical AI infrastructure, we employ defense-in-depth security practices aligned with Australian Government security frameworks and international best practices.

2. Infrastructure Security

Data Center Security

  • Australian-hosted data centers with Tier III or higher certification
  • 24/7 physical security with biometric access controls
  • Redundant power systems and environmental controls
  • Advanced fire suppression and cooling systems

Network Security

  • Multi-layered firewall architecture with intrusion detection and prevention
  • DDoS protection and traffic filtering
  • Network segmentation and zero-trust architecture
  • Encrypted communications using TLS 1.3 and modern cipher suites

Cloud Infrastructure

  • SOC 2 Type II compliant infrastructure providers
  • Infrastructure-as-Code (IaC) with security scanning
  • Automated security patching and vulnerability management
  • Container security and runtime protection

3. Data Protection

Encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications
  • Hardware Security Modules (HSMs) for key management

Data Isolation

  • Multi-tenant data isolation using cryptographic separation
  • Dedicated infrastructure for high-security clients
  • Air-gapped environments for classified AI workloads
  • Secure data destruction procedures

Backup and Recovery

  • Automated daily backups with geo-redundancy within Australia
  • Point-in-time recovery capabilities
  • Regular disaster recovery testing
  • Encrypted backup storage

4. Application Security

Secure Development

  • Security-first development practices (OWASP Top 10)
  • Code review and static analysis for all changes
  • Dependency scanning and vulnerability management
  • Penetration testing and security assessments

AI Model Security

  • Model access controls and authentication
  • Protection against adversarial attacks and model poisoning
  • Secure model training pipelines
  • Model versioning and audit trails

API Security

  • OAuth 2.0 and OpenID Connect authentication
  • API rate limiting and abuse prevention
  • Request validation and sanitization
  • API versioning and deprecation policies

5. Access Control and Identity Management

  • Multi-factor authentication (MFA) required for all accounts
  • Role-based access control (RBAC) with least privilege principle
  • Regular access reviews and privilege recertification
  • Centralized identity management and single sign-on (SSO)
  • Session management with automatic timeout
  • Audit logging of all access and authentication events

6. Monitoring and Incident Response

Security Monitoring

  • 24/7 security operations center (SOC) monitoring
  • Security Information and Event Management (SIEM)
  • Behavioral analytics and anomaly detection
  • Real-time threat intelligence integration

Incident Response

  • Documented incident response plan
  • Dedicated incident response team
  • Automated incident detection and alerting
  • Post-incident analysis and continuous improvement
  • Compliance with Notifiable Data Breaches (NDB) scheme

7. Compliance and Certifications

  • ISO/IEC 27001 Information Security Management System
  • Australian Government Information Security Manual (ISM) compliance
  • SOC 2 Type II audit reports
  • Regular third-party security assessments
  • IRAP (Information Security Registered Assessors Program) assessments for government workloads

8. Employee Security

  • Background checks for all employees with access to sensitive systems
  • Security awareness training and ongoing education
  • Confidentiality and non-disclosure agreements
  • Clear desk and clear screen policies
  • Secure remote work practices

9. Third-Party Security

  • Vendor security assessments before engagement
  • Contractual security requirements for all vendors
  • Regular vendor security reviews
  • Supply chain security management

10. Sovereign AI Security

As a sovereign AI platform, we implement additional security measures:

  • Australian-only data storage and processing
  • No offshore access to production systems without explicit authorization
  • Australian ownership and control of infrastructure
  • Alignment with Australian Cyber Security Centre (ACSC) guidance
  • Essential Eight maturity model implementation

11. Vulnerability Management

  • Continuous vulnerability scanning and assessment
  • Risk-based patching with SLA commitments
  • Coordinated vulnerability disclosure program
  • Bug bounty program for responsible security research

12. Your Security Responsibilities

While we maintain robust security measures, you also play a crucial role:

  • Use strong, unique passwords and enable MFA
  • Protect your credentials and API keys
  • Report suspected security incidents immediately
  • Follow security best practices for your own systems
  • Keep your software and systems up to date

13. Reporting Security Issues

If you discover a security vulnerability or incident, please report it immediately to:

Email: security@sovrush.com

We take all security reports seriously and will respond promptly. We request that you:

  • Provide detailed information about the vulnerability
  • Do not publicly disclose the issue until we have addressed it
  • Do not access or modify data that is not your own
  • Act in good faith to protect our users and systems

14. Security Updates

We continuously improve our security posture. This page is updated regularly to reflect our current security practices. For questions about our security program, contact security@sovrush.com