
Enterprise Security Review


Documentation for procurement, security, and compliance teams evaluating AKIOS Pro. Covers architecture, data handling, certifications, and standard security questionnaire responses.

Security Architecture

AKIOS Pro is designed with a zero-trust architecture. No cloud dependencies, no shared infrastructure, no telemetry egress. Every component runs inside the customer's security boundary.

Deployment model

Single-tenant, self-hosted. No shared infrastructure, no multi-tenant data plane. Each customer deploys their own instance inside their own VPC, on-prem environment, or air-gapped network.

Data boundary

All evidence data — traces, findings, export bundles, retention records — remains inside customer infrastructure. No cloud egress, no telemetry to external services, no third-party data processing. Zero external API calls for core functionality.

Network isolation

No inbound connections required from the internet. AKIOS Pro connects outbound exclusively to customer-specified endpoints: LLM gateways, SIEM receivers, and artifact registries. In air-gapped mode, zero outbound connections required.

Encryption

AES-256 at rest for all stored evidence. TLS 1.3 for all network communication. Encryption keys managed via environment variables, KMS integration, or external secrets manager (Vault, AWS Secrets Manager, Kubernetes Secrets).

Encryption configuration

```bash
# Configure encryption at rest with a customer-supplied key.
# Note: $(openssl rand -hex 32) produces a fresh key on every invocation;
# record and persist it, because evidence written under one key cannot be
# decrypted by a container restarted with a different key.
docker run -d --name akios-pro \
  -e AKIOS_ENCRYPTION_KEY=$(openssl rand -hex 32) \
  -e AKIOS_TLS_CERT=/certs/tls.crt \
  -e AKIOS_TLS_KEY=/certs/tls.key \
  -v /path/to/certs:/certs:ro \
  -v akios-data:/data \
  akioudai/akios-pro:latest

# Verify encryption status
docker exec akios-pro akios admin status | grep encryption
# Encryption: AES-256-GCM | Key source: env | Status: active
```
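The command above generates the key inline, so it changes on every run and is visible in shell history and the process list. The following helper, added here and not part of the AKIOS Pro documentation, generates the 32-byte key once into an owner-only file, validates it, and writes a `docker --env-file` so the key never appears on the command line. The key-file path and env-file path are assumptions.

```bash
#!/bin/sh
# Added example (not AKIOS Pro's own tooling): persist the AES-256 key
# across restarts and keep it off the command line.
set -eu

# Generate 32 random bytes as 64 hex characters, once, with mode 0600.
# A second call leaves an existing non-empty key file untouched.
generate_key_file() {
  file="$1"
  if [ ! -s "$file" ]; then
    ( umask 077
      head -c 32 /dev/urandom | od -An -tx1 -v | tr -d ' \n' > "$file" )
  fi
}

# A valid AES-256 key for AKIOS_ENCRYPTION_KEY is exactly 64 hex characters.
validate_key() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{64}$'
}

# Write the env file consumed by `docker run --env-file`, so the key is
# read from a 0600 file instead of being passed via -e on the command line.
write_env_file() {
  key_file="$1"; env_file="$2"
  key="$(cat "$key_file")"
  validate_key "$key" || { echo "invalid key in $key_file" >&2; return 1; }
  ( umask 077
    printf 'AKIOS_ENCRYPTION_KEY=%s\n' "$key" > "$env_file"
    printf 'AKIOS_TLS_CERT=/certs/tls.crt\n' >> "$env_file"
    printf 'AKIOS_TLS_KEY=/certs/tls.key\n' >> "$env_file" )
}

# Usage (paths are assumptions):
#   generate_key_file /etc/akios/encryption.key
#   write_env_file /etc/akios/encryption.key /etc/akios/akios.env
#   docker run -d --name akios-pro --env-file /etc/akios/akios.env \
#     -v /path/to/certs:/certs:ro -v akios-data:/data akioudai/akios-pro:latest
```

Back up the key file with the same care as the evidence store itself; without it, encrypted evidence is unrecoverable.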

Certifications & Compliance

AKIOS Pro is designed for regulated environments and maintains alignment with major compliance frameworks. Certification documents are available under NDA through our sales team.

SOC 2 Type II
Meets trust services criteria for security, availability, and confidentiality. Annual audit by independent third party. Report available under NDA.
GDPR
Data Processing Agreement (DPA) available. Evidence retention, deletion, and export controls support data subject rights including access, erasure, and portability.
EU AI Act
Evidence mappings for Articles 12 (record keeping), 13 (transparency), 14 (human oversight), 15 (accuracy), 29 (deployer obligations), and 55 (impact assessments). Detailed mappings on the EU AI Act Evidence page.
HIPAA
Business Associate Agreement (BAA) available. Supports the 164.312 technical safeguards: audit controls, access controls, integrity controls, and person or entity authentication for ePHI.
ISO 27001
Information security management system aligned with ISO 27001:2022 controls. Certification audit in progress.

Data Processing Agreement

AKIOS Pro supports the standard Data Processing Agreement (DPA) for GDPR compliance. Because AKIOS Pro is self-hosted, the customer is the data processor and AKIOUD AI has no access to customer data.

Data processor
Customer (self-hosted). AKIOUD AI has zero access to customer data, evidence, or configuration.
Data categories
LLM prompts, LLM responses, tool call data, policy evaluation results, PII detection findings, review decisions, export bundles.
Processing purpose
Compliance evidence generation, audit trail creation, regulatory reporting, incident reconstruction.
Data residence
Customer-controlled infrastructure. No cross-border data transfer. Customer chooses storage location.
Retention
Customer-configurable per environment. Full deletion with cryptographic purge attestation available.
Sub-processors
None. AKIOS Pro has zero external dependencies for data processing. No third-party APIs, no cloud services, no telemetry.

Request security documents

Contact our sales team for the complete security review package: SOC 2 Type II report, DPA, BAA, penetration test results, completed security questionnaire, and architecture review documentation.


Security Questionnaire

Standard security questionnaire responses for procurement teams evaluating AKIOS Pro.

Data encryption at rest?
Yes. AES-256-GCM with customer-controlled keys. Configurable via environment variable or KMS.
Data encryption in transit?
Yes. TLS 1.3 minimum for all network communication. Mutual TLS supported for service-to-service.
Multi-tenant architecture?
No. Single-tenant, self-hosted per customer. No shared infrastructure or data plane.
Cloud dependencies?
None. Zero cloud egress required for core functionality. No external API calls, no telemetry.
SOC 2 Type II?
Yes. Annual audit by independent third party. Report available under NDA.
Penetration testing?
Annual third-party penetration test. Results and executive summary available to qualified buyers.
SSO / Identity?
Yes. OIDC and SAML 2.0 for dashboard access. Local users for evaluation environments.
Audit logging?
Yes. All admin actions, evidence access, configuration changes, and data deletion are logged as compliance events.
Backup and recovery?
Yes. Configurable backup schedule with point-in-time recovery. Evidence store snapshots supported without downtime.
Incident response?
Documented incident response plan. 24-hour notification commitment for security incidents. Contact security@akiod.ai.
Vulnerability management?
Continuous scanning of container images. CVEs remediated within SLAs based on severity. SBOM available on request.
Business continuity?
Multi-node deployment with load balancer for high availability. Evidence store backed by redundant storage. Disaster recovery runbook documented.