Security at raxIT AI

Last Updated: 2025-10-23

raxIT AI is built on Amazon Web Services (AWS) using the AWS Well-Architected Framework as our primary security benchmark. While independent attestations (including SOC 2) are in progress, we have aligned our controls with AWS best practices and operate a defence-in-depth program designed to protect the AI governance workloads entrusted to us.

1. Cloud-Native Foundation

Our production environment is architected within isolated AWS Virtual Private Clouds (VPCs) with dedicated subnets, network access controls, and service-to-service encryption. We leverage AWS Managed Services—including AWS Shield, CloudTrail, CloudWatch, GuardDuty, and Security Hub—for continuous telemetry and automated guardrails aligned to AWS Foundational Security Best Practices.

2. Identity & Access Management

  • Role-based access control with least-privilege IAM policies and automated provisioning.
  • Mandatory multi-factor authentication for privileged access and administrator workflows.
  • Quarterly access reviews and continuous monitoring for anomalous session activity.
  • Customer-facing controls to integrate with SSO providers and enforce organisational policies.

3. Data Protection

  • TLS 1.2+ enforced for all data in transit, including API traffic and inter-service communication.
  • AES-256 encryption at rest via AWS KMS with customer-specific keys available for enterprise plans.
  • Field-level encryption and tokenisation options for sensitive attributes.
  • Automated backup schedules with 30-day retention and cross-region replication for resiliency.

4. Secure Development Lifecycle

Security is embedded throughout our engineering lifecycle. We employ automated dependency scanning, static and dynamic analysis, peer review gates, and infrastructure-as-code pipelines with change approval workflows. Regular third-party penetration tests validate defensive depth, and identified findings are tracked to remediation using our internal risk register.

5. Governance & Roadmap

raxIT is actively pursuing SOC 2 Type I attestation with the objective of progressing to Type II coverage once evidence windows allow. ISO/IEC 27001 alignment is included in our control roadmap. Until formal audits are complete, we share AWS security assessments, architectural diagrams, and responses to standard security questionnaires under NDA to help customers complete due diligence.

6. Monitoring & Incident Response

  • 24/7 on-call coverage for platform and security events with automated alert escalation.
  • Documented incident response plan aligned to NIST 800-61 with quarterly tabletop exercises.
  • Customer notifications for material incidents within twenty-four (24) hours of validation.
  • Post-incident reviews shared with impacted customers, including corrective actions and timelines.

7. Shared Responsibility

Security is a partnership. While raxIT manages the platform, customers remain responsible for user provisioning, data classification, and adherence to applicable regulations. Refer to our Acceptable Use Policy and Privacy Policy for further obligations.

Questions about our security program or requests for due-diligence documentation can be directed to security@raxit.ai. We welcome coordinated disclosure reports and will collaborate closely with customers throughout the SOC attestation process.