Security Policy

1. Introduction

AiRK Artificial Intelligence Training LLC ("AiRK," "we," "us," or "our") is committed to maintaining the highest standards of information security to protect personal data, training materials, and digital assets. This Security Policy outlines our comprehensive approach to safeguarding information in compliance with UAE Personal Data Protection Law (PDPL) and international best practices.

As an ACTVET-certified training provider, we implement robust security measures to protect student data, intellectual property, and institutional information throughout our digital learning ecosystem.

2. Information Security Framework

Our security framework is built on the following pillars:

2.1 Confidentiality

• Access controls ensure information is only available to authorized personnel
• Role-based permissions limit data access based on job function
• Non-disclosure agreements for all staff and contractors
• Secure handling of sensitive training materials and student data

2.2 Integrity

• Data validation and verification processes
• Change management controls for system modifications
• Regular backup and recovery testing
• Digital signatures for important documents and certifications

2.3 Availability

• 99.9% uptime guarantee for learning management systems
• Redundant systems and failover capabilities
• Business continuity and disaster recovery plans
• Regular maintenance and monitoring of all systems

3. Technical Security Measures

3.1 Encryption

• AES-256 encryption for data at rest
• TLS 1.3 for data in transit
• End-to-end encryption for sensitive communications
• Encrypted backups and archives

3.2 Access Controls

• Multi-factor authentication (MFA) for all administrative accounts
• Single sign-on (SSO) integration for streamlined access
• Regular access reviews and permission audits
• Automated account deactivation for terminated users

3.3 Network Security

• Next-generation firewalls with intrusion detection
• Virtual private networks (VPN) for remote access
• Network segmentation and isolation
• DDoS protection and traffic monitoring

3.4 Endpoint Security

• Enterprise-grade antivirus and anti-malware protection
• Device management and compliance monitoring
• Regular security updates and patch management
• Mobile device management (MDM) for BYOD policies

4. Physical Security

• Secure facilities with controlled access in Abu Dhabi
• Biometric and card-based entry systems
• 24/7 surveillance and monitoring
• Secure storage for physical documents and equipment
• Environmental controls for server and equipment rooms
• Visitor management and escort procedures

5. Data Protection Measures

5.1 Student Data Protection

• ACTVET-compliant data handling and reporting
• Secure student portal with encrypted access
• Regular data privacy impact assessments
• Pseudonymization and anonymization where possible

5.2 Intellectual Property Protection

• Digital rights management for training materials
• Watermarking and tracking of proprietary content
• Secure distribution of The AiRK Method materials
• Version control and change tracking

5.3 Payment and Financial Data

• PCI DSS compliance for payment processing
• Tokenization of sensitive financial information
• Secure payment gateways and fraud detection
• Regular financial security audits

6. Incident Response and Breach Management

6.1 Incident Response Plan

• 24/7 security operations center (SOC) monitoring
• Defined incident classification and escalation procedures
• Rapid response team with clear roles and responsibilities
• Regular incident response drills and testing

6.2 Data Breach Notification

• UAE Data Office notification within required timeframes
• Student and stakeholder communication protocols
• ACTVET reporting for certification compliance
• Forensic investigation and remediation procedures

7. Third-Party Security

7.1 Vendor Management

• Security assessments for all technology vendors
• Contractual security requirements and SLAs
• Regular vendor security reviews and audits
• Data processing agreements compliant with UAE PDPL

7.2 Cloud Security

• SOC 2 Type II certified cloud providers
• Data residency requirements for UAE compliance
• Encryption key management and control
• Regular security configuration reviews

8. Security Training and Awareness

• Mandatory security awareness training for all staff
• Phishing simulation and testing programs
• Regular security updates and communication
• Specialized training for data protection officers
• Student education on secure learning practices

9. Compliance and Auditing

9.1 Regulatory Compliance

• UAE Personal Data Protection Law (PDPL) compliance
• ACTVET certification requirements
• ISO 27001 security management standards
• Industry-specific regulations and best practices

9.2 Security Auditing

• Annual third-party security assessments
• Internal security audits and reviews
• Penetration testing and vulnerability assessments
• Continuous monitoring and compliance reporting

10. Policy Updates and Governance

This Security Policy is reviewed annually and updated as needed to address:

• Changes in regulatory requirements
• Emerging security threats and vulnerabilities
• Technology updates and system changes
• Lessons learned from security incidents
• Industry best practices and standards

11. Reporting Security Concerns

If you identify a security vulnerability or concern, please report it immediately:

12. Contact Information

For questions about this Security Policy or our security practices: