Security At Protex AI

At Protex AI, we understand that our clients expect us to protect their data with the highest standards. We take this very seriously, and we are committed to providing a highly secure and reliable environment. Our security model and controls are driven by international standards and industry best practices, such as ISO 27001, OWASP Top 10, GDPR and AWS Well-Architected. Here you will find an overview of some of our operational and technical measures that demonstrate that security and privacy are at the forefront of everything we do.

Security Compliance

We built our security program around widely recognised industry standards, with a particular focus on ISO 27001. Achieving ISO 27001 certification demonstrates that we’ve put in place comprehensive security protocols designed to safeguard the confidentiality, integrity, and availability of customer information. Our organisation undergoes annual independent audits to maintain ISO 27001 certification.

While compliance forms a strong foundation, we don’t stop there. We continuously invest in additional technical and organisational controls to go beyond baseline requirements, ensuring that security remains central to both our platform and operational practices.

Infrastructure Security

We host Protex AI on AWS’s infrastructure-as-a-service (IaaS) platform, which is compliant with multiple security and privacy standards.

Organisational Security

Security Policies

We maintain a comprehensive set of security policies that govern both technical operations and organisational practices. These policies cover areas such as access control, data protection, incident response, and vendor management. Policies are reviewed and updated regularly, and are distributed to all employees to ensure awareness and compliance.

Employee Security Training

All personnel complete security awareness training as part of onboarding, with a focus on secure handling of data, phishing prevention, and internal security procedures. Training is refreshed periodically, and all employees are contractually bound by confidentiality agreements covering the handling of sensitive information.

Endpoint Security and Device Management

All corporate workstations are enrolled in a Mobile Device Management (MDM) system that enforces device-level security controls. These include:

  • Full-disk encryption
  • Automatic screen lock and timeout
  • Enforced use of strong authentication
  • Antimalware and endpoint protection software
  • Restriction of local administrative privileges

These controls are applied consistently across the organisation to reduce endpoint-related risks.

Product Security

Identity and Access Management (IAM)

We implement centralised identity and access management to control employee access to systems and data. Key controls include:

  • Role-based access provisioning
  • Least privilege enforcement
  • Mandatory multi-factor authentication (MFA) for all systems that handle sensitive or production data

All administrative access is logged, with activity recorded via detailed audit logs and session capture, enabling full traceability of privileged actions.

Encryption

At Protex AI, data is encrypted by default:

  • Data at rest using one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256)
  • Data in transit using TLS 1.2 at a minimum

Software Development and Secure Deployment

Our software development lifecycle (SDLC) integrates security at multiple stages:

  • All code changes undergo automated testing
  • Security-impacting changes require peer code review by qualified engineers
  • Reviews evaluate changes for security flaws, performance issues, and abuse vectors

Code is deployed first to a staging environment for validation. Only builds that pass quality and security checks are promoted to production.

Availability, Backups, and Data Resilience

Our infrastructure leverages multiple layers of redundancy to support high availability. This includes:

  • Load balancing across services
  • Distributed task processing
  • Highly available and replicated data stores

We maintain regular, point-in-time backups with tested recovery procedures. We also conduct annual disaster recovery testing to validate our preparedness for continuity and recovery scenarios. These measures significantly reduce the likelihood of data loss or extended downtime in the event of a disruption.

Trust Center

We maintain a dedicated Trust Center to provide clients with access to current security documentation and third-party assessments. Available materials include:

  • ISO/IEC 27001 certification
  • Latest third-party penetration test summary
  • Catalog of internal security policies

To protect the confidentiality of this information, access is granted under a non-disclosure agreement (NDA). Upon execution, authorised stakeholders will receive secure access to the requested materials.

Compliance & Certifications

We are ISO 27001 certified and aligned with GDPR, UK DPA, CCPA, and other applicable privacy frameworks.
