Information Security Practices and Procedures
08/05/2026
Information security stands as a fundamental cornerstone of Graphwise. This commitment is embedded throughout our organizational structure, security policies, and operational processes, and is formally recognized through our ISO/IEC 27701:2019, ISO/IEC 27001:2022, and ISO/IEC 42001:2023 certifications.
The addition of the ISO/IEC 42001:2023 certification highlights our dedication to the ethical and systematic management of Artificial Intelligence. It ensures that our AI systems are developed and deployed within a robust Artificial Intelligence Management System (AIMS), prioritizing transparency, accountability, and risk mitigation. These certifications are maintained through rigorous, independent audits conducted by authorized third-party organizations.
All Graphwise personnel adhere to comprehensive workplace security protocols, including mandatory incident reporting procedures. Regular security training sessions are conducted for the entire workforce to ensure consistent awareness and compliance with both general security standards and AI-specific ethical guidelines.
Graphwise safeguards its infrastructure through robust measures including:
- Comprehensive disaster recovery and business continuity planning
- Systematic backup protocols for all company data
- Thorough logging and monitoring of security-relevant events
- Proactive prevention of unauthorized access attempts
Our network security architecture incorporates next-generation firewall technology across all system environments to protect both business operations and client assets. Additional protection is provided through host-based intrusion detection and prevention systems (HIDS/HIPS). Security monitoring includes daily scans of all hosts for file integrity verification and continuous database monitoring for unauthorized modifications.
Software development at Graphwise follows secure-by-design principles and industry best practices, including:
- Secure dependency management
- Protected source code repositories
- Comprehensive vulnerability management
- Secure data handling protocols for information in transit and at rest
- Comprehensive vulnerability management across traditional and AI-driven components
- Algorithmic accountability and bias monitoring in alignment with ISO 42001
All source code resides in secured Git repositories with write access limited exclusively to authorized development personnel. JavaScript code undergoes minification for additional protection and remains proprietary.
Graph Modeling adheres to industry best practices by implementing data minimization principles, exposing only the data necessary for specific purposes and limiting the duration that sensitive information remains in memory or unencrypted. All externally exposed sensitive data is secured using state-of-the-art cryptographic protection, including password hashing via PBKDF2 and encryption of third-party credentials using AES with configurable key sizes that meet current security standards.
Graph Modeling provides several ways to authenticate users. The default authentication method for the user interface is password-based verification. Administrators can configure a strong password policy. Customers can also leverage their existing access management infrastructure and configure single sign-on. Social login and multi-factor authentication (MFA) are available out of the box. Token-based authentication (OAuth 2.0) is implemented for all Graph Modeling APIs except for UnifiedViews.
Tip: Visit the Graphwise Trust Center for more information on our security and privacy commitments.


