Skip to main content
SolutionsApproachCase StudiesInsightsContact

Security for regulated Australian work

Deployment boundary, review path, and evidence obligations are agreed before build.

RyderAI builds AI for regulated work in Australia. RyderAI-managed hosting and client-owned deployments are both scoped before build; the posture below is the baseline we work from.

Current assurance status

Control-aligned, evidence-led

Before build, the engagement security plan names the deployment boundary, storage, encryption, retention, recovery, access, review, and evidence obligations. RyderAI does not currently hold SOC 2, ISO 27001, ISO 42001, IRAP, or equivalent external certification, and does not claim those certifications.

RyderAI-managed hosting keeps model inference inside the agreed Australian boundary and uses third-party model APIs only when explicitly scoped. Client-owned deployments use the customer's own infrastructure and controls. Where scoped, RyderAI-managed hosting uses encrypted redundant storage across separate RyderAI-operated systems.

Boundary set before build

RyderAI-managed engagements are scoped to an agreed Australian data boundary. Client-owned deployments use the customer's own infrastructure and controls. Any third-party model API is explicit in the engagement scope.

Controls written into the plan

Storage, encryption, retention, recovery, access, and review controls are named in the engagement security plan for the deployment mode. RyderAI-managed hosting uses encrypted storage with redundancy across separate RyderAI-operated systems where scoped.

Consequential decisions are reviewable

Consequential decisions are recorded so you can show a regulator who was accountable, what the decision was based on, and why.

Access is controlled and accountable

Only named people can reach the controls that matter, and the actions that carry real consequence are signed off by a named person and recorded.

Release checks before go-live

Production releases are checked against the engagement security plan and verification steps before go-live.

Mapped to APRA CPS 234, OAIC and AHPRA evidence needs

Designed to support the evidence a prudential review or practitioner-accountability request may ask for.

  • →APRA CPS 234 implementation checklist
  • →Human-in-the-loop framework

Responsible disclosure

The canonical channel is /.well-known/security.txt (machine-readable, RFC 9116). Good-faith researchers who avoid privacy, integrity, or availability impact on customer workloads receive an acknowledgement within one business day and credit on remediation. For narrative reports, use the contact form with subject line Security disclosure.

Submit a security disclosure

Ryder AI Pty Ltd · ABN 24 681 083 983 · Brisbane, Queensland

This page describes how we work by default. The exact controls for your engagement are written down in your engagement security plan.

Site footer

Company

Entity
Ryder AI Pty Ltd
ABN
24 681 083 983
Founded
2024
Base
Brisbane, Queensland
Data boundary
Australian data boundary

Site map

  • Solutions
  • Approach
  • Case Studies
  • Insights
  • Contact
  • About

Trust & transparency

  • Security
  • Accessibility
  • Press
  • Site Map
  • RSS
  • Privacy

Contact

[email protected]

© 2026 Ryder AI Pty Ltd

LinkedIn (opens in a new tab)Privacy Policy