Information Security

Information security is the foundation of our products and operations. We are committed to protecting customer data and organizational assets through a multi-layered defense architecture.

Our Security Commitment

Security is not an afterthought — it is a core principle embedded in every product design and every deployment from day one. We believe that the safety of frontier AI systems begins with the security of the infrastructure they run on.

Data Protection Measures

Transport Security

  • All data transmission uses TLS 1.3 encryption
  • Strict certificate management and key rotation policies

Storage Security

  • Data at rest encrypted with AES-256-GCM
  • Keys managed via Hardware Security Modules (HSM)
  • Regular backups with geographically redundant storage

Access Control

  • Role-based least-privilege access (RBAC/ABAC)
  • Multi-factor authentication (MFA) enforced
  • Employee access requires approval, is granted on demand, and expires automatically
  • All access operations recorded in audit logs

Infrastructure Security

  • Cloud infrastructure aligned with CIS Benchmarks
  • Network segmentation with strict production/non-production isolation
  • Perimeter defense: Web Application Firewall (WAF), DDoS mitigation
  • Container image security scanning and signature verification
  • Continuous dependency monitoring and vulnerability patching

Product Security

Secure Development Lifecycle

  • Threat modeling integrated from the design phase
  • Code review by at least one senior engineer before merge
  • Static analysis (SAST) and dynamic analysis (DAST) in CI/CD
  • Third-party dependency license compliance checks

AI Security

  • All user-facing AI features pass prompt-injection security testing before launch
  • Red-team assessment against adversarial attacks
  • Content safety filtering (NSFW, PII leakage, copyrighted content)
  • Model output bias evaluation

Vulnerability Management

We maintain a responsible disclosure program. Security researchers may report potential vulnerabilities to security@onemipham.com.

We commit to:

  • Acknowledging reports within 48 hours
  • Assessing and prioritizing based on severity
  • Maintaining transparent communication on remediation progress
  • Not pursuing legal action against good-faith security research

Compliance & Certifications

We are committed to achieving and maintaining the following standards:

  • Regular independent third-party security audits
  • SOC 2 Type II compliance (in progress)
  • Alignment with OWASP Top 10 and MITRE ATLAS framework
  • ISO 27001 Information Security Management System used as a reference standard

Incident Response

  • Production P0 alerts: 15-minute response, 1-hour recovery target
  • Tiered alerting strategy: Warning → Critical → Pager
  • 24×7 on-call coverage
  • Postmortem completed within 72 hours of incident resolution

Contact

For security-related inquiries:

Security Team Email: security@onemipham.com

PGP Key: Available on request