Last updated: May 1, 2025
GridMind AI maintains a comprehensive security program designed for critical infrastructure operators. Our security posture is verified by independent third-party auditors and meets or exceeds requirements for NERC CIP-compliant environments.
We hold SOC 2 Type II certification (renewed annually), ISO 27001 certification, and are NERC CIP-aware in our design. Our CSRD and GRI reporting modules are independently verified for accuracy.
All data is encrypted in transit using TLS 1.3 with perfect forward secrecy. Data at rest is encrypted using AES-256. API keys are stored using one-way hashing and never appear in logs.
Our production infrastructure runs in SOC 2-certified cloud environments with VPC isolation, WAF protection, DDoS mitigation, and 24/7 security monitoring. All administrative access requires hardware MFA.
Our AI models are isolated from customer data during inference. Each model inference runs in an isolated compute context with no cross-customer data access. Federated learning gradient updates are verified and sanitized.
We maintain a responsible disclosure program at security@gridmindai.co. Critical vulnerabilities are patched within 24 hours. We conduct annual penetration testing by a qualified third party.
Our Security Incident Response Team (SIRT) operates 24/7. Enterprise customers receive notification within 1 hour of a confirmed security incident affecting their data. We maintain a 99.97% uptime record.
If you discover a security vulnerability, please report it to security@gridmindai.co with a detailed description. We operate a responsible disclosure program and will acknowledge receipt within 24 hours.