Security at AssetCore.ai

Security is fundamental to everything we do. We protect your data with enterprise-grade security measures and maintain the highest standards of compliance.

Our Security Commitment

AssetCore.ai implements comprehensive security measures to protect your asset management data. Our security program is built on industry best practices and continuously evolves to address emerging threats.

Defense in Depth

Multiple layers of security controls protect your data at every level of our infrastructure.

Least Privilege

Access is granted only to those who need it, with minimal permissions required for their role.

Continuous Improvement

Regular security assessments and updates ensure our defenses evolve with the threat landscape.

Data Protection

Data at Rest

  • All databases encrypted using AES-256 encryption
  • Field-level encryption for sensitive data
  • Encrypted backups with secure key management
  • Data residency in Canadian data centers

Data in Transit

  • TLS 1.3 encryption for all data transmissions
  • HSTS (HTTP Strict Transport Security) enabled
  • Certificate pinning for mobile applications
  • End-to-end encryption for sensitive operations

Infrastructure Security

Cloud Security

Hosted on AWS with enterprise-grade security controls, including VPC isolation, security groups, and network ACLs.

Infrastructure Monitoring

24/7 monitoring with automated threat detection, intrusion prevention, and real-time security alerts.

Disaster Recovery

Automated backups, multi-region replication, and tested disaster recovery procedures ensure business continuity.

Application Security

Secure Development

  • Secure Coding: All developers trained in OWASP best practices
  • Code Reviews: Mandatory peer reviews for all code changes
  • Automated Testing: Comprehensive test coverage including security tests
  • Dependency Scanning: Regular vulnerability scanning of third-party libraries

Security Testing

  • Penetration Testing: Annual third-party security assessments
  • Vulnerability Scanning: Continuous automated security scanning
  • Static Analysis: SAST tools integrated into CI/CD pipeline
  • Dynamic Analysis: DAST testing of running applications

Access Control & Authentication

Multi-Factor Authentication

MFA required for all user accounts

Single Sign-On

SAML 2.0 and OAuth 2.0 support

Role-Based Access

Granular permissions based on roles

Session Management

Automatic timeout and secure sessions

Compliance & Certifications

AssetCore.ai is committed to achieving and maintaining the highest standards of compliance to ensure the security and protection of your data.

SOC 2
Type II

In Progress

Expected Completion: January 2026

Our Compliance Roadmap

Current Focus

SOC 2 Type II Certification

We are actively working towards SOC 2 Type II certification to demonstrate our commitment to security, availability, processing integrity, confidentiality, and privacy.

75% Complete

Target Completion: January 2026

Future Considerations

  • ISO 55000 Alignment for Asset Management Excellence
  • NIST Cybersecurity Framework Implementation
  • Additional certifications based on customer requirements

Incident Response

AssetCore.ai maintains a comprehensive incident response plan to quickly identify, contain, and remediate any security incidents.

1

Detect

24/7 monitoring and alerting

2

Respond

Immediate incident triage

3

Contain

Isolate affected systems

4

Recover

Restore normal operations

Security Contact: security@assetcore.ai

Employee Security

Security Training

  • Mandatory security awareness training for all employees
  • Annual security certification requirements
  • Regular phishing simulation exercises

Background Checks

  • Comprehensive background verification for all employees
  • Confidentiality agreements and NDAs
  • Regular security clearance reviews

Security Questions?

If you have any questions about our security practices or would like to report a security issue, please don't hesitate to contact our security team.

security@assetcore.ai privacy@assetcore.ai