Security and privacy
Built for enterprise grade security and privacy
We operate governed AI for security-critical environments. Customer data stays within contracted regions and is never used to train public models. All actions are logged for audit.
-
Data residency: Primary storage in the UK. EU & US tenancy on request.
-
Model isolation: No open-internet egress. Tenant-scoped runtime. No training on your data.
-
Audit retention: Event and action logs retained 365 days by default; export available; deletion within 30 days of request or contract end.
-
RBAC: Roles for Viewer, Operator, Manager, Admin. MFA supported. Least-privilege by default.
-
Breach response: 24×7 triage. Initial assessment within 4 hours. Client notification within 72 hours of confirmation.
Secure by design
We embed ISO 27001 principles into everything we build, from Cal’s AI decision-making to SIRV’s data workflows. Expect strong access controls, encryption, audit trails, and data minimisation across all environments.
Risk aware AI
Cal is engineered with enterprise data governance in mind. Prompts, outputs, and insights are handled securely, with clear policies on storage, usage, and access.
Procurement ready
Our alignment with ISO 27001 accelerates due diligence. We provide documentation and evidence of internal controls, audit processes, and risk mitigation practices, giving your compliance and security teams peace of mind.
Trusted by regulated organisations
From critical infrastructure to global corporates, our alignment with ISO 27001 supports organisations that operate in regulated, high-risk environments.
Cal and SIRV are ready to integrate with your standards, systems, and stakeholders, securely, and at scale.
"SIRV helped us move beyond basic reporting into a system that actively supports decision-making". Les O'Gorman, Director of Facilities, UCB - Pharma and Life Sciences
