Skip to main content

Security & Governance

How we protect your data, govern AI systems, and maintain enterprise-grade security across all deployment models.
Last updated: 5 April 2026

Our Approach

Security is built into how we deliver, not bolted on afterwards. Every RIVER engagement, whether a digital delivery project, a consulting engagement, or a managed AI platform deployment, is designed with enterprise security controls appropriate to the scope and risk profile.

Our information security management system is aligned to ISO 27001:2022, extended with ISO 42001:2023 for AI-specific governance. We apply the principle of least privilege across all systems, maintain clear separation between environments, and ensure that security controls scale alongside the engagement.

Deployment Models

We offer flexible deployment models to meet your organisation's security and sovereignty requirements:

RIVER Cloud (RIVER Managed)

Hosted and operated by RIVER in New Zealand or Australia (as agreed). Includes standard security controls, monitoring, backups, and upgrades. Best suited for organisations that want a fully managed experience without infrastructure overhead.

Customer Cloud (Private Deployment, RIVER Managed)

Deployed into your cloud environment (e.g., Azure, AWS) with private networking controls (private endpoints, Key Vault, IAM/SSO). RIVER operates and supports the platform within your security boundary. Infrastructure consumption is billed through your cloud subscription.

Customer-Managed (Licence + Support)

Hosted and operated by your team, with RIVER providing licensing, implementation guidance, and agreed support. Used where full operational control is mandatory.

For private deployments, private networking and client security services (e.g., Key Vault, private endpoints, policy controls) are utilised as part of the agreed architecture.

Access Controls

Security controls depend on the deployment model, but commonly include:

  • Role-based access control (RBAC): access is granted based on defined roles, with least-privilege principles applied.
  • SSO and multi-factor authentication: integration with your identity provider (SSO/2FA) where available.
  • Audit logging: access and key actions are logged and exportable where required.
  • No access expansion without approval: access permissions are never expanded without explicit written approval.
  • Environment separation: segregation of environments (e.g., UAT/PROD) where applicable.

Data Protection

  • Encryption in transit: all data in transit is encrypted using TLS.
  • Encryption at rest: data at rest is encrypted where supported by the deployment architecture.
  • Data ownership: the client retains full ownership of all Customer Data, including documents, embeddings derived from client data, logs, and AI outputs generated from client inputs.
  • No training on client data: Customer Data is not used to train public AI models. Where third-party AI services are used, we apply configurations designed to prevent provider training on Customer Data.
  • Secure credential handling: credentials and secrets are managed securely, aligned to the deployment environment.
  • Data export and deletion: on termination, we support export of Customer Data in standard formats (e.g., database export, JSON) and follow agreed data retention and deletion procedures.

AI Governance

AI systems are probabilistic. Outputs may vary and cannot be guaranteed to be 100% accurate. We design AI systems for optimal results and apply governance controls to manage risk:

  • Human-in-the-loop oversight: AI outputs are designed to be reviewed by humans, especially for sensitive, regulated, or health-related decisions. The client retains responsibility for business decisions made using AI outputs.
  • Clear operational boundaries: what the AI can and cannot do is defined and agreed at the start of each engagement.
  • Model transparency: we are platform-agnostic and select AI models based on the requirements of each situation. Where the client requires restrictions (e.g., specific providers, private model routing, or client-held keys), these are handled as part of the agreed deployment approach.
  • Iterative refinement: AI systems are improved through iterative cycles with real usage feedback. The solution gets better with use, safely and with governance.
  • Adoption support: we reduce adoption risk through clear use-case boundaries, guided onboarding, practical templates, and workflow design aligned to the client's operating model.

Compliance

We design deployments to align with relevant regulatory frameworks:

  • New Zealand Privacy Act 2020: in most engagements, the client remains the data owner and is responsible for decisions about collection, retention, and lawful use of personal information. RIVER acts as a service provider, handling data only to deliver agreed services.
  • Australian Privacy Principles (APPs): where applicable, we design services to support compliance with Australian privacy requirements.
  • Sensitive data: for health-related or other sensitive data, additional controls are commonly applied (depending on deployment): encryption in transit and at rest, strict access logging, retention controls, and secure deletion/export processes.
  • Data sovereignty: New Zealand and/or Australian hosting options are available. Customer Cloud deployments keep data within the client's own cloud boundary.

Accreditations

Our security controls, AI governance, and operational practices are built to these frameworks. Independent certification is in progress.

ISO 27001 - Information Security

Aligned - certification in progress

Our information security management system follows ISO 27001:2022:

  • Formal risk assessment process for every engagement
  • MFA, role-based access, and least-privilege enforced across all systems
  • Full disk encryption on all devices, TLS on all communications
  • Documented incident response with defined notification timelines
  • Contractor security agreements and third-party supplier assessment
  • Automated CI/CD pipelines with mandatory peer review before deployment

ISO 42001 - AI Governance

Aligned - certification in progress

Our AI management system follows ISO 42001:2023:

  • Human-in-the-loop oversight on AI outputs, especially for high-stakes decisions
  • Clear operational boundaries agreed at the start of every engagement
  • Platform-agnostic model selection based on requirements, not vendor lock-in
  • Data quality governance - provenance, validation, and monitoring of AI inputs
  • Third-party AI provider assessment (OpenAI, Anthropic, Azure AI) with no-training configurations
  • Responsible AI principles aligned to the NZ Algorithm Charter and AU AI Ethics Framework

SOC 2 Type II - Trust Services

Aligned - audit in progress

Our operational controls align to SOC 2 trust service criteria. Type II verification covers controls operating over a sustained period, not a point-in-time snapshot.

  • Security: access controls, encryption, vulnerability management, and audit logging
  • Availability: uptime targets, backups, disaster recovery, and business continuity
  • Confidentiality: data classification, secure handling, and contractual protections
  • Privacy: NZ Privacy Act 2020 and Australian Privacy Principles compliance

Incident Response

RIVER applies security controls appropriate to the agreed deployment model. If RIVER becomes aware of a confirmed security incident affecting Customer Data within RIVER's control:

  • We will notify the client without undue delay.
  • We will provide updates and take reasonable remediation steps.
  • Any specific notification timeframes, audit log retention, and reporting requirements are agreed in the Proposal/SOW where needed.

Insurance & Assurance

  • RIVER holds Technology Liability insurance covering Professional Indemnity / Errors & Omissions, Public Liability, Cyber Liability, and Statutory Liability. Limits of liability: $1,000,000 per the policy schedule. Cover extends to work performed by contractors and subcontractors engaged by RIVER Group. Increased limits available on request. Certificates of currency available on request.
  • Source-code escrow is standard at Partnership 36 and available on request at Partnership 24. Release conditions: RIVER insolvency, material breach unremedied within twenty business days, or cessation of platform operations.

Questions

For security, governance, or compliance questions, please get in touch. For detailed procurement questions, see our Procurement FAQ.