Security is not claimed. It is evidenced.
Our compliance posture, operational status and security practices: published, dated, and independently audited.
Certified, aligned, and audit-ready
SOC 2 Type II
Annual examination of security, availability and confidentiality controls. Report available under NDA.
ISO/IEC 27001
Information security management system covering Dubai hub operations and delivery practices.
GDPR
Data protection by design and default: processing records, DPAs and EU SCCs in place.
NIS2 Directive
Capability mapping for essential-entity clients operating under EU jurisdiction.
CCPA
California consumer rights honoured through the same self-service privacy controls.
EU AI Act
AI-driven defense portfolio assessed against transparency and risk-tier obligations.
Threat activity across monitored estates
How we hold ourselves
- ENCEncryption everywhere
TLS 1.3 in transit, AES-256 at rest, customer-managed keys supported; crypto-agile design for PQC transition.
- PENContinuous testing
Quarterly third-party penetration tests; automated dependency and configuration scanning in CI/CD.
- IRIncident response
24/7 on-call, 1-hour acknowledgement SLA for critical events, post-incident reviews shared with affected clients.
- ACCLeast privilege
Role-based access, hardware-key MFA for all staff, quarterly access recertification.
- VENVendor risk
Every portfolio vendor passes security due diligence before distribution, and re-assessment annually.
Found a vulnerability?
We welcome good-faith security research. Report findings to security@cyninges.com. We acknowledge within 24 hours, and we don't pursue legal action against researchers acting in good faith.
Our /.well-known/security.txt publishes the current disclosure policy, PGP key and scope.