Pro Logica AI

    Security & Compliance

    Our security program is aligned with enterprise expectations and modeled after SOC 2 and ISO 27001 control frameworks. We design systems to meet confidentiality, integrity, and availability requirements from the start. Documentation and evidence are available upon request to qualified buyers and partners.

    Control alignment

    We maintain controls aligned with SOC 2 and ISO 27001 principles, including access control, change management, vendor oversight, and incident response. Where required, we tailor controls to client-specific regulatory obligations and data handling policies.

    Encryption and data protection

    • Encryption in transit using modern TLS configurations
    • Encryption at rest for databases and object storage
    • Key management aligned to cloud provider best practices
    • Data minimization and scoped access to sensitive fields

    Access control and auditability

    • Least-privilege access by default with role-based controls
    • Separation of duties for sensitive operations
    • Immutable audit logs for critical actions
    • Access reviews and permission changes tracked and recorded

    Secure SDLC

    We operate a secure software development lifecycle with enforced code review, automated testing, dependency scanning, and infrastructure-as-code controls. Security reviews are integrated into planning and release processes rather than treated as a final stage.

    • Code review with explicit acceptance criteria
    • Automated test coverage for critical workflows
    • Dependency and container scanning
    • Infrastructure changes tracked and peer-reviewed

    Incident response

    We maintain an incident response process with defined severity tiers, on-call escalation, and documented remediation steps. Post-incident reviews are conducted to identify root causes and implement corrective actions.

    Vulnerability disclosure

    We operate a responsible disclosure process. Security researchers can report findings directly to our team. We acknowledge reports promptly and provide remediation timelines where applicable.

    Contact: security@prologica.ai

    Data retention and deletion

    Data retention policies are defined per system and client requirement. We support configured retention windows, legal hold workflows, and secure deletion processes. Detailed retention schedules are available upon request.