Least privilege Audit trails Incident-ready

Security Program

Security is integrated across product, delivery, and operations. We apply layered controls around access, change management, evidence logging, and response workflows to protect client environments and business-critical execution systems.

Last updated: February 23, 2026
Security contact: security@erainai.com
Control Framework

Security domains and control intent

Domain
Controls
Outcome
Identity & access
Role-scoped permissions, least privilege, access logging
Reduced unauthorized access risk and clear accountability
Data protection
Scoped data handling, encryption in transit/at rest where applicable
Confidentiality and integrity protection across engagement lifecycle
Platform assurance
Patch management, monitoring, environment segregation, backup routines
Operational resilience and reduced service disruption

Secure engineering and change controls

  • Controlled code changes with review and deployment workflows.
  • Dependency and runtime update discipline with risk prioritization.
  • Separation of development and production contexts.

Logging and auditability

  • Operational logs for access and critical system events.
  • Decision and action trail support for governance reviews.
  • Evidence-linked records for enterprise audit workflows.

Incident response

We maintain an incident workflow covering triage, containment, remediation, and post-incident review. Notification timelines and obligations follow contractual and regulatory requirements.

Business continuity

Core services are designed with continuity controls, including backup handling and recovery procedures. Client-specific continuity expectations can be formalized in enterprise agreements.

Deployment options

  • Cloud-hosted deployment for rapid onboarding.
  • VPC deployment for network isolation requirements.
  • On-prem deployment for controlled enterprise environments.

Reporting a vulnerability

Report suspected vulnerabilities to security@erainai.com with reproducible details, impact estimate, and affected scope. We acknowledge and triage reports promptly.