CultureAI | Security

Features
Resources

Our resources

Our cyber security and behaviour experts have put together a library of resources to help you transform security culture, no matter the size or security maturity of your organisation.

Featured resource by James Moore

Chrome gets to grips with tabnapping phishing attacks

1 month ago

Ten years after tabnapping was first demonstrated, Chrome is taking steps to stop it.

Read in our blog

Our Resources

News

Whitepapers

Support Centre

GCHQ Training Courses

Changes
Company

CultureAI

We're a team of cyber security, behaviour science and technology experts that build tools to help our clients manage cyber security culture within their organisation.

Find out more about us to the right.

Company

About Us

Offices

Careers at CultureAI

Events

Press-Kit

Security

Our View

We protect our clients data, at all costs

When a client works with us, they're saying "We trust you to significantly decrease our security risks". It is our responsibility to do absolutely everything in our power to make that happen; starting with ensuring we don't increase their risks.

This page details just some of the lengths we go to to protect your data. If you're ever concerned, please talk to us at security@culture.ai.

The four pillars of trust

Security

Security is baked into everything we do; from our DevSecOps through to business ops and physical security. We encrypt your data at rest in transit and provide SSO, enforced MFA and IP-based ACLs to protect it. Your data is stored in your own country. Our team all hold BPSS security vetting, as a minimum. We perform regular pentests, and run continuous vulnerability scanning against our infrastructure, code and dependencies.

Reliability

Our platforms are built on best-in-class technologies, and are designed to be highly-available and fast. We use load balancing with automatic failover, geo-redundancy and monitor thousands of metrics every second to look for warning signs of issues. We have a defined and regularly tested disaster recovery plan.

Privacy

Protecting your data, and that of your employees, is our highest priority. It is, after all, why we founded CultureAI in the first place. We do everything in our power to ensure we protect it from unauthorised access, and are compliant with regulation such as GDPR.

Compliance

Our clients' often have strict compliance requirements, against which we have yet to record a single failure. We hold ISO 9001, 14001 and 27001, alongside Cyber Essentials Plus. We're happy to allow our enterprise clients to conduct independent audits / pentests, and our policy is to go to any length to support your internal compliance process.

Bug Bounty

Our bug bounty programme

We support the responsible disclosure of security issues and vulnerability to us from the security community. If you identify a security vulnerability in any CultureAI product please let us know at security@culture.ai and we'll acknowledge the report within a working day.

All we ask is that security researchers exercise appropriate consideration whilst conducting any testing; please throttle your rates and in the event you may (or have accidentally) access(ed) client data please stop and contact us so that we can remediate the vulnerability, communicate to our clients and order you pizza.

Trust & Security at CultureAI