Trust and Security

NetRisk uses authenticated app access, tenant-scoped server routes, beta route hardening, secure-link controls, and audit-oriented workflows for pilot use.

NetRisk does not currently claim SOC 2, ISO 27001, PCI, HIPAA, cyber-insurance coverage, or a formal uptime SLA. Those items require separate commercial and assurance review.

Pilot workspaces use corporate-domain signup checks, admin-only workspace settings, entitlement limits, budget controls for expensive work, and explicit public-token protections where secure links are used.

Uploaded evidence and vendor responses are treated as reviewable inputs. AI output cannot verify evidence, approve claims, or create final risk decisions without reviewer or canonical gate support.

Customers can request a security review package through security@netrisk.io. Available material may include this security overview, data-retention notes, route-hardening summary, and pilot support process.

If a customer needs formal contractual terms, DPAs, subprocessors, or assurance reports, NetRisk support will route that request through the founder-led pilot process.