Our Technology

Our security framework is built on six foundational pillars, each reinforced by advanced AI to enhance speed and accuracy:

• Cloud Security: We continuously monitor our cloud environments to prevent misconfigurations and secure our infrastructure.
• Application Security: Security is integrated directly into our software development lifecycle, protecting against vulnerabilities in both our code and open-source libraries.
• Identity & Access Management: We enforce centralized, strict control over employee and customer access, ensuring permissions are appropriate and immediately revoked when no longer necessary.
• Endpoint & Workforce Security: All company devices are hardened, encrypted, and equipped with remote wipe capabilities. We pair this with strong email security and mandatory workforce training to mitigate human-error risks.
• Threat Detection & Response: Our systems and networks are monitored 24/7 by our security partner, to rapidly identify and contain potential threats.
• Compliance & Governance: We maintain SOC 2 certification and conduct rigorous vendor reviews to manage supply chain risk and provide assurance to our clients and partners.

• Encryption: All client data is protected with strong encryption, both at rest and in transit.
• Access Control: We enforce multi-factor authentication (MFA) for all administrative access and utilize a role-based access control scheme to ensure access is restricted to authorized personnel.
• Threat Detection: We use a threat detection monitoring tool for continuous network oversight. System firewalls are configured to limit unnecessary ports and protocols.
• Code and Data Security: We have a strict source code management protocol with access controls and automated security scans. Our databases are configured with role-based permissions and encryption.
• Employee Security: All employees and contractors undergo background checks and are required to complete annual information security and awareness training.

AI is a critical component of our security program, enhancing our ability to protect our systems with greater speed and precision. We use AI to:

• Detect misconfigurations and risky changes in our cloud environment.
• Review code continuously to surface high-impact vulnerabilities.
• Analyze access patterns to detect anomalies and automate the rightsizing of permissions.
• Identify phishing attempts and device anomalies that may be missed by human review.
• Correlate signals across systems for faster, more accurate threat alerts.

Our proactive approach to security includes:

• Implementing the NIST Secure Software Development Framework (SSDF).
• Conducting thorough security testing and code reviews during the development lifecycle.
• Implementing strong input validation to prevent common attacks like SQL injection.
• Regularly monitoring for new and emerging AI-specific threats.
• Applying the principle of least privilege to limit the potential impact of any compromise.

Yes. Our threat detection and response capability includes 24/7 Security Operations Center (SOC) coverage through a third party.

We have also implemented automation to respond immediately to security alerts—such as disabling a compromised account or isolating a device—reducing our response time from hours to minutes.

Octus has successfully completed a SOC 2 Type II attestation, covering the systems and processes that support FinDox^TM and the Octus AI platform, a testament to our commitment to security and data protection. We have also adopted multiple frameworks from the National Institute of Standards and Technology (NIST) to align our security program with global best practices, including:

• NIST Cybersecurity Framework (CSF)
• NIST Secure Software Development Framework (SSDF)
• NIST AI Risk Management Framework (AI RMF) (Deployment in Q1 2026)

Octus adheres to comprehensive compliance and regulatory standards across all aspects of our business, including federal securities laws, anti-corruption regulations (FCPA), data privacy requirements, employment law, and accounting standards.

We maintain rigorous information barriers to ensure equal market access, strict internal controls to prevent insider trading, and ethical business practices in all our operations.

Our Compliance framework is designed to protect our customers, maintain the integrity of our data and insights, and ensure we operate with the highest standards of regulatory adherence and transparency.

Protecting client data is paramount. Our data privacy measures are governed by strict contractual provisions and internal policies.

• Data Isolation: We isolate each client’s information through logical separation, and where appropriate, physical separation, such as maintaining client-specific vectorized databases in CreditAI use cases.
• Data Anonymization: Data is anonymized before being used for training or operational purposes.
• Strict Access Controls: We implement and enforce strict, role-based access controls to restrict access to sensitive data.
• Data Use Limitation: Data is never used or disclosed to third parties outside the scope defined in our client agreements.
• Regular Audits: We conduct regular audits of our data security practices to identify and address potential vulnerabilities.

Our ethical framework is built on eight essential pillars that guide the development and deployment of our AI solutions:

• Fairness: Designing solutions to eliminate bias against individuals or groups.
• Transparency: Providing stakeholders with a clear understanding of what is happening in each AI solution.
• Explainability: Ensuring solutions can answer how and why a conclusion was reached.
• Accountability: Embedding human oversight and responsibility across the AI lifecycle.
• Data Integrity: Acquiring and using data in compliance with all applicable laws and assessing it for accuracy and quality.
• Reliability: Ensuring AI solutions operate consistently and precisely as intended.
• Security: Implementing robust practices to safeguard AI solutions against malicious actors or adverse events.
• Safety: Designing and implementing AI to safeguard against harm to people, businesses, and property.