This page summarizes how Ryora Pty Ltd safeguards customer data and systems. It is intended for customers, prospects, and auditors evaluating our security practices.
1. Scope
This page describes Ryora company security practices for Ryora-operated systems and business operations. It is a general overview and does not create contractual service-level commitments.
2. Data Protection and Encryption
- In transit: TLS is enforced for external communications and used for internal service communications in production environments.
- At rest: Encryption is applied to sensitive and confidential data stores and backups.
- Key management: key lifecycle controls include generation, storage, rotation, revocation, and destruction requirements.
- Data handling: data is classified and protected according to sensitivity (Confidential, Restricted, Public).
3. Infrastructure Security
- Network segmentation and default-deny principles are applied to production and staging environments.
- Documented infrastructure hardening baselines and change management for production-impacting changes.
- Logging, monitoring, and alerting for security-relevant events.
- Business continuity and disaster recovery planning, including backup and restore expectations.
4. Access Control
- Role-based access allocation aligned to job responsibilities, with least-privilege principles.
- Multi-factor authentication for privileged access.
- Provisioning, change, and deprovisioning workflows with auditability requirements.
- Periodic access reviews and removal of unnecessary access.
5. Secure Development
- Version control, peer review, and controlled release practices.
- Segregation of development, staging, and production environments.
- Security testing and vulnerability management integrated into delivery workflows.
- Defined remediation timeframes based on severity.
6. Incident Response
- Documented incident response plan with severity levels and escalation paths.
- Defined response targets for critical and high-severity incidents.
- Root cause analysis and post-incident reviews for confirmed incidents.
Security contact: [email protected]
7. Compliance and Assurance
- SOC 2: status and assurance materials are available via our trust portal at trust.ryora.ai.
- Privacy frameworks: controls are maintained for applicable privacy obligations, including data protection requirements where relevant.
Additional assurance materials may be shared under NDA or equivalent confidentiality controls, including policy artifacts, control evidence summaries, and vendor security assessments.
8. Public Security Resources
9. Document Ownership and Review
Owner: Ryora Security and Compliance. This page is reviewed periodically and updated after material security, policy, architecture, or assurance changes.