A managed-security provider has a privileged view of your business. We take that responsibility seriously — through certifications you can verify, an architecture you can interrogate, and documentation that's available before you sign. This page exists so your security and procurement teams don't have to ask.
Six active certifications, audited by named third parties. Reports available under MNDA before any commercial conversation.
Annual audit covering security, availability, processing integrity, and confidentiality. Continuous monitoring on the underlying controls.
Information security management system. Statement of applicability covers all 93 Annex A controls, with documented justifications for any scoped exceptions.
Quality management system. Why does a security company carry 9001? Because predictable processes are a security control. Onboarding, change management, and incident handling are audited the same way detection is.
AI management system. The new standard for organisations that build with AI. Covers model lifecycle, training-data governance, human oversight, and the harms-mitigation register.
For US healthcare customers. Business Associate Agreement (BAA) executable on Keep and Citadel. Annual independent attestation against the HIPAA Security Rule safeguards.
Implementation Group 3 — the most stringent tier — across all 18 control families. Quarterly internal review, evidence available to customers in their portal.
Australian Information Security Registered Assessors Program assessment, targeting OFFICIAL: Sensitive. For Commonwealth and NSW state-government tenants.
For UAE financial-zone tenants. Mapped controls for ADGM Data Protection Regulations and DIFC Data Protection Law. Onshore data residency available out of UAE Central region.
EU and UK GDPR-aligned. Standard contractual clauses (2021) and IDTA in our DPA. Subprocessor list public and watchable.
Trust starts with technical choices. These are the ones we made — and the ones we'd push back on if a customer asked us to compromise.
Every customer's telemetry is logically isolated by tenant key from ingest through detection through retention. There is no analyst console that can join across tenants without a tenant-key claim derived from the customer's own SSO context.
In transit and at rest. We don't accept insecure transport even for low-sensitivity telemetry — there is no "but it's just metrics" exception in the spec.
Analysts get the least access they need to do the work in front of them. Privileged actions require fresh auth, are time-boxed, and are logged to an append-only audit ledger.
Your telemetry stays in the region you sign up in. We don't relocate data to chase compute price arbitrage. Cross-region transfer requires customer consent.
Models propose. Humans approve. The two narrow, customer-configured exceptions (high-confidence containment actions you pre-authorise) are the only places automation acts without an analyst in the loop — and you can pause them with a single switch.
If you leave us, we hand your telemetry back. Not a portal export limited to last 30 days — your full retained event corpus, in a documented schema, to a destination you control.
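As an added illustration (not IronCastle's own code) of two of the principles above, the tenant-key isolation and the time-boxed, append-only audit of privileged actions: a guard that derives the tenant key from SSO claims, refuses any console query that reaches outside that tenant, and records privileged actions in a hash-chained ledger that rejects stale sessions. The claim names `tenant_key`, `sub` and `auth_time`, the 15-minute window and the query shape are assumptions.

```python
import hashlib
import json

PRIVILEGE_WINDOW_S = 900  # assumed: auth must be fresher than 15 min (not IronCastle's real value)

class AccessDenied(Exception):
    """Raised for any access outside the caller's tenant or privilege window."""

def tenant_key_from_sso(claims: dict) -> str:
    """Derive the tenant key from the customer's SSO claims; no claim, no access."""
    key = claims.get("tenant_key")
    if not key:
        raise AccessDenied("no tenant_key claim in SSO context")
    return key

def scope_query(claims: dict, query: dict) -> dict:
    """Pin a console query to the claim's tenant; reject any cross-tenant join."""
    key = tenant_key_from_sso(claims)
    if set(query.get("tenants", [key])) != {key}:
        raise AccessDenied(f"query reaches outside tenant {key}")
    return {**query, "tenants": [key]}

def _digest(entry: dict) -> str:
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

class AuditLedger:
    """Append-only, hash-chained record of privileged analyst actions."""
    def __init__(self) -> None:
        self.entries: list = []

    def append(self, claims: dict, action: str, now: float) -> dict:
        """Refuse stale sessions; chain each entry to the previous entry's hash."""
        if now - claims.get("auth_time", 0) > PRIVILEGE_WINDOW_S:
            raise AccessDenied("privileged action requires fresh auth")
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"tenant": tenant_key_from_sso(claims), "actor": claims["sub"],
                 "action": action, "ts": now, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True
```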
Detail your security team will care about. Full architecture diagrams (component-level, with VPC layouts, key custody, and trust boundaries) are available under MNDA.
Public list, version-controlled. Customers are notified 30 days before any addition. Removals are silent.
| Vendor | Purpose | Region | Data category |
|---|---|---|---|
| Amazon Web Services | Compute, storage, KMS | AU · UAE · EU · US | All telemetry & metadata |
| Microsoft Azure | UAE region compute (UAE tenants) | UAE Central | Telemetry · UAE-only customers |
| Cloudflare | Edge TLS, DDoS, WAF | Anycast (region-locked routing) | Connection metadata only |
| Okta | Workforce IdP for IronCastle staff | Multi-region | Staff identity · no customer data |
| PagerDuty | Internal incident paging | US | Alert summaries · tenant-pseudonymised |
| Linear | Internal ticketing | US | Engineering tickets · no customer data |
| Stripe | Billing | US · EU · AU | Billing contact & payment metadata |
| Anthropic | LLM inference for run-book drafting | US (no-train enterprise) | Pseudonymised event summaries · no PII |
| OpenAI | Optional fallback LLM (Enterprise opt-in) | US (zero data retention enterprise) | Same as Anthropic above |
Every artefact a thorough security review needs, available before commercial close — most under MNDA, some public.
Full A-LIGN audit report with control descriptions, testing procedures, and any noted exceptions.
All 93 Annex A controls with applicability decisions and justifications.
Component-level diagrams, key custody flows, trust boundaries, multi-region failover.
Bishop Fox annual external + internal engagement. Findings & remediation evidence.
Pre-signed by Permus, fillable by you. Includes EU SCCs (2021) and UK IDTA.
RTO/RPO targets, regional failover topology, last test results, runbook excerpts.
Pre-completed CAIQ v4 and SIG Lite. We accept yours too; turnaround 5 business days.
ISO 42001-aligned summary of model lifecycle, training-data governance, human oversight.
We run a coordinated vulnerability disclosure program. Researchers acting in good faith will be acknowledged; serious findings on in-scope assets are eligible for bounties.