ISO 27001 Compliance & Data Handling Policy

Effective Date: 01/02/2025
Last Updated: 01/02/2025

1. Introduction

At Predictiv, we are committed to maintaining the highest standards of data security and compliance. Our infrastructure and processes align with ISO 27001 principles, ensuring the confidentiality, integrity, and availability of client data.

2. Data Collection & Ingestion

We securely receive and ingest data via:

  • APIs: Encrypted data transfers using industry-standard security protocols.
  • Secure File Transfers: Clients typically provide data through Google Cloud Storage buckets with appropriate IAM access controls.

3. Data Storage & Management

Client data is securely stored and managed in:

  • Google Cloud Storage: Encrypted at rest using Google-managed or customer-managed encryption keys.
  • BigQuery (BQ): Used for scalable, secure, and efficient data processing.
  • Firestore: Used when structured, real-time, or NoSQL storage is required.

4. Data Processing & Computation

Data science and processing tasks are conducted securely in:

  • Google Compute Engine (GCE): Secure VMs accessed via SSH with IAM authentication.
  • BigQuery (BQ): Used for large-scale data analysis and transformations.
  • Google Kubernetes Engine (GKE) (if applicable): Managed workloads securely deployed for scalable processing.

5. Data Security & Access Control
  • Encryption:
    • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls:
    • Strict role-based access control (RBAC) enforced via Google IAM.
    • Access to data and compute resources is restricted based on least privilege principles.
  • Authentication & Identity Management:
    • Google OAuth 2.0 used for authentication in our public API.
    • Multi-factor authentication (MFA) enforced for administrative access.

6. Web & API Security
  • Website Security:
    • Hosted via Google Compute Engine, GKE, or Google Cloud Storage (static hosting).
    • Fully HTTPS-encrypted with TLS 1.2/1.3.
  • API Security:
    • Our public API uses Google OAuth 2.0 for authentication and access control.
    • Rate limiting, logging, and monitoring implemented for API security.

7. Compliance with Industry Standards
  • ISO 27001: We align with the ISO 27001 framework for information security management.
  • GDPR & CCPA: We ensure compliance when handling user data from relevant jurisdictions.
  • SOC 2 (if applicable): Security measures are in place to meet SOC 2 principles.

8. Cross-Platform & Hybrid Cloud Support

While we primarily operate on Google Cloud, we can also work with Microsoft Azure and other cloud providers according to client needs.

9. Incident Response & Monitoring
  • Logging & Monitoring: Continuous security monitoring via Google Cloud Logging & Security Command Center.
  • Incident Handling: In the event of a security incident, we follow an incident response plan aligned with ISO 27001 standards.

10. Contact & Support

For any security or data protection inquiries, please contact us at:
data@predictiv.com.au