Security & Compliance

Protecting your data and helping you comply with global standards

SysAid follows strict international standards and regulations in order to keep your information safe

ISO 27017 Certificate

Get Certificate

ISO 27001 Certificate

Get Certificate

ISO 27018 Certificate

Get Certificate

SOC2 Type 2 Certificate

Download

Security Framework Highlights

Download

SysAid Cloud Security and Compliance Standards

Download

SysAid Security Information

Learn more

Your security is everything

SysAid values and appreciates security researchers that do the right thing and help make the world a bit more secure. Our promise is to always be open to discovering vulnerabilities that were not previously recognized. If you think you’ve found a gap in our armor and want to let us know, please leave your report here.

A dedicated security team

Led and managed by CISO
Multiple trusted, third-party security providers
DevSecOps, GRC, application, and infrastructure experts
Collaboration with Data Privacy Officer (DPO)
Embedded security champions within R&D teams
Extensive training programs to developers (OWASP) and entire employees (awareness and privacy)

Three cartoon-style, turquoise creatures resembling a bird and two other animals, each with large eyes and playful designs, set against a white background.

Secured Platform

Supports Integration with enterprise SSO system
Password management service: Accounts lockout
Role based access control
Customer’s data: encryption at rest & at transit
Customer’s databases segregation
Continuously monitored production environment

A cute, stylized cartoon owl holding a clipboard with a lock, depicted against a plain white background.

In-House Security Measures

Vulnerability management: via tools and manually to scan the entire ecosystem.
Third-party security: vendors are undergo annual reviews
Security assessments: strict schedule by rotating 3rd parties to perform application penetration testing, Infrastructure Audits, and Corporate systems security assessments.
Cloud security: hosted by AWS
Extensive security protection throughout the all defense layers: FireWall, VPN, Workstation, segregation, and more

A document icon with binary code and a colorful shield symbol, representing data security and encryption.

SysAid Copilot: Building on a Foundation of Security

Your data security is our top priority, we are SOC2 certified and compliant with GDPR standards.
SysAid Copilot, like all SysAid products, has been built from the ground up with a strong commitment to a security-first mindset. This document serves as a comprehensive guide, outlining the details of our approach to building the SysAid Copilot system.

Which Generative AI Technology powers SysAid Copilot

SysAid Copilot utilizes OpenAI’s leading Large Language Models, GPT-3.5 Turbo and GPT-4 Turbo. Both models are utilized as default Microsoft Azure OpenAI Services while providing the security and enterprise promise of Azure, with no usage of ChatGPT or ChatGPT Enterprise. You can find more details about Azure OpenAI Service data security here.

SysAid Copilot customers have the option to choose OpenAI API as an alternative to Azure OpenAI Services, meaning access to more frequent model updates.

Data, privacy, and security for Microsoft Azure OpenAI Service
You can find more information here.

Data Protection

Data Storage

All AI-related data, including the data pool, is exclusively stored within the customer’s SysAid database. We do not use external services for data storage

LLM Data Processing

Customers data processing through Microsoft Azure OpenAI services. APIs are protected with TLS encryption for secure data transmission. Additionally, for Azure OpenAI users, there is an option to select the processing region as either US or Europe.

Data Extraction from Service Records & KB Articles

User-Focused Data Collection

SysAid enhances chatbot intelligence and response quality by leveraging customers’ existing service records, KBs articles, and data sources uploaded by the client such as documents and links. To ensure privacy and confidentiality, we adopt several measures to prevent the sharing of personal or private information with other users:

Collecting data only from fields that are accessible to end users.

PII Removal

Employing Microsoft Presidio, a robust data protection and anonymization toolkit hosted within the SysAid datacenter, capable of eliminating personally identifiable information (PIIs).

Language Filtering

Utilizing a sophisticated language model to filter out user-specific details from the text, extracting only the general knowledge.

Authentication and Access Control

Access control

Access to AI services requires SysAid application authentication, based on each customer’s access mechanism (SysAid supports different types of SSO solutions).

Authentication

SysAid permits customers to implement MFA solutions in accordance with their own access policies, and based on each customer’s authentication mechanism (e.g Okta etc.).

User Permissions

Access control follows SysAid user permissions, with chat access for authenticated end users and settings, datapool management, and monitoring restricted to SysAid administrators.

Network and Datacenter Security

Location

AI services are housed in AWS, the leading global Cloud Services Provider across three primary regions: US, Europe, and Asia Pacific.

Security Details

Amazon maintains and demonstrates SSAE-16 SOC 1, 2 and 3, ISO 27001, and FedRAMP/FISMA reports and certifications. Web servers and databases run on servers in secure data centers.

Encryption

Our built-in encryption methods are incorporated into the SysAid environment (AES-256) to protect customer data and ensure data privacy and protection for data at rest.

Network

We use standard secured network protocols and encryption via Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted channels to protect customer data and ensure data privacy whenever data is in transit.