Trust

Built for regulated buyers.

Airclerk is building the trust posture required to support Claude implementation in regulated financial and professional services across New Zealand and Australia. Security, governance and auditability are treated as central to implementation - not as a later phase.

01 / Compliance

Programme status.

Airclerk is actively pursuing ISO 27001 and SOC 2 Type 2 as part of our commitment to supporting regulated financial and professional services customers.

IN PROGRESS

ISO 27001

Information security management system. Programme underway with target certification within 12 months.

IN PROGRESS

SOC 2 Type 2

Security, availability and confidentiality. Controls implemented; audit window starting.

ACTIVE

Secure SDLC

Source control, code review, dependency scanning and release controls aligned with secure development practice.

ACTIVE

Vendor management

Formal subprocessor list and review cadence. Material providers documented and contracted.

ACTIVE

Incident response

Documented incident response and breach notification process with named owners.

ACTIVE

Access control

SSO, MFA, least privilege, periodic access reviews and joiner/mover/leaver discipline.

ACTIVE

Deployment options

The Airclerk MCP and its audit trail can be hosted by Airclerk with per-tenant isolation, or deployed single-tenant into your own Azure tenant on request.

02 / AI governance principles

How we operate Claude.

  • Human-in-the-loop by design
  • Permission-aware access
  • A record of what was asked, the tools and evidence used, and the decisions and outputs produced — captured as the assistant works
  • Evidence capture and citation
  • Clear system boundaries per workflow
  • Risk-based workflow design
  • No black-box production decisions

Read our governance framework →

03 / Security pack

Need our security and governance pack?

We provide a security and governance pack to assist procurement, risk and security teams during vendor onboarding. Includes policy excerpts, subprocessor list, architecture overview and AI governance principles.

Request the pack
04 / Common questions

Security and data.

01Does Airclerk use our data to train AI models?

No. Airclerk does not train its own foundation models on customer data, and where available we configure the third-party AI providers we implement to disable the use of customer data for model training or improvement. Data-handling documentation is available on request.

02Is Airclerk ISO 27001 or SOC 2 certified?

Both are in progress. Airclerk is actively pursuing ISO 27001 and SOC 2 Type 2 — controls are implemented and the audit windows are underway. Secure SDLC, vendor management, incident response and access control are already active. Our security and governance pack documents the current status.

03Where is our data hosted, and what are the deployment options?

The Airclerk MCP and its audit trail can be hosted by Airclerk with per-tenant isolation, or deployed single-tenant into your own Azure tenant on request. We maintain a formal subprocessor list and review cadence.

04Does Airclerk sign NDAs and DPAs?

Yes. We have standard NDA and DPA templates, support DPIAs, and are comfortable working under customer paper.

05How do we get Airclerk's security and governance pack?

Request it through our contact page. The pack assists procurement, risk and security teams during vendor onboarding and includes policy excerpts, the subprocessor list, an architecture overview and our AI governance principles.