Security Program

Our security practices are benchmarked against industry-leading frameworks:

• Australian Cyber Security Centre Essential Eight
• NIST Cybersecurity Framework
• ISO/IEC 27001
• SOC 2 Type II

Slate is currently undergoing a further security compliance program and is in progress with completing SOC 2, CPS 230, and CPD 234. See our trust website for more details trust.slateos.ai

Security Program

Access Controls

• Virtual Private Networks (VPNs) for secure access
• Network segmentation and controls
• Multi-factor authentication (MFA) enforced across all systems
• Role-based access control with least privilege principles

Data Encryption

• All data encrypted in transit using TLS 1.2+
• All data encrypted at rest using AES-256
• Encryption keys managed through secure key management services

Monitoring & Logging

• Continuous monitoring and logging of all systems
• Centralised log management for security analysis
• Alerting for unusual activities and potential security events
• Regular review of security logs and audit trails

Secure Development

• Security integrated throughout the software development lifecycle
• Automated security testing in CI/CD pipelines
• Code reviews with security considerations
• Dependency scanning and vulnerability management
• Regular penetration testing

Infrastructure

Slate is hosted on Google Cloud Platform (GCP), which maintains comprehensive security certifications and compliance programs. Our infrastructure includes:

• Isolated network environments
• Automated security patching
• Infrastructure as Code with security policies
• Regular security assessments