Security & Compliance — DBIZ

Security & Compliance

Trust is the foundation of the AI-Native enterprise

Your data and models are protected to international standards, with AI operating under control and people always in the decision-making seat.

ISO/IEC 27001 Decree 13/2023 Human-in-the-Loop Data sovereignty
Data sovereignty

Data & AI models kept in-house at your enterprise — you have full control, with no dependence on third parties.

Encryption & access control

Encryption at rest and in transit; fine-grained row/column access control (RLS/CLS) and role-based permissions.

Logs & tracing

Every user action and AI Agent action is logged, traced, and auditable.

Human-in-the-Loop

AI recommends — people approve at every risky step. There are stop points, recovery, and cost limits.

Guardrails for AI

Constrain action scope, review outputs, and prevent sensitive data leaks.

Backup & recovery

Automatic backups and contingency planning (BCP/DR) ensuring operational continuity.

Compliant with Decree 13/2023

Meets Vietnam’s personal data protection regulations across the entire data lifecycle.

ISO/IEC 27001

Information security management system (ISMS) to international standards.

Layered AI-Native architecture

Each layer is isolated, secured, and scaled independently — data, models, and agents always under full control & audit.

FoundationCore platform & identity
Data LakehouseUnified data, role-based access
Agent HarnessAI with controls & HITL
InfrastructureCPU · GPU · Private cloud

Platform products technically meet ISO/IEC 27001 & 42001

Each DBIZ platform product is designed with technical controls mapped to ISO/IEC 27001 (information security) and ISO/IEC 42001 (AI management). The table below summarizes how each component meets them.

Platform productsMeets ISO/IEC 27001 — Information securityMeets ISO/IEC 42001 — AI management
DBIZ Foundation
Core platform & identity
  • Centralized identity & access management (SSO, RBAC, MFA)
  • Multi-tenant isolation, environment separation
  • Key & secrets management (secrets/key management)
  • Centralized audit logs for the entire system
  • Secure development lifecycle (SSDLC)
  • Model/agent registry with owners & approval workflow
  • Centralized AI policy enforcement point
  • Defined roles & accountability
DBIZ Autonomous
Controlled AI Agents & HITL
  • Least-privilege access per agent
  • Guardrails constraining the scope of actions
  • Output moderation & prevention of sensitive data leakage
  • Logging & traceability of every agent action
  • Secrets vault for tools the agent calls
  • Human-in-the-Loop approval at every risky step
  • AI risk & impact assessment (AI risk/impact)
  • Kill-switch/rollback & cost limits
  • Decision logging & explainability
  • Behavioral drift/model deviation monitoring (drift)
DBIZ Data Lakehouse
Unified data, role-based access
  • Encryption at rest & in transit
  • Fine-grained row/column access control (RLS/CLS)
  • Data classification, masking & anonymization (masking/anonymization)
  • Full lineage & access logs
  • Automated backup & recovery (DR)
  • Data governance & quality for AI
  • Provenance/lineage of training data
  • Minimization of personal data (PII) used for AI
  • Dataset documentation for bias control
DBIZ Blockchain
Immutable & provenance tracing
  • Immutable, tamper-evident logs
  • Cryptographic integrity & non-repudiation
  • Authorization & controls on smart contracts
  • Provenance attestation for AI decisions (model & data attestation)
  • Immutable ledger for tracing & auditing end-to-end AI actions
AI Modules & 97 AI Agents
AI business modules
  • Inherits Foundation controls (identity, authorization, encryption, audit)
  • Constrained data scope & access rights per module
  • Each module has a purpose profile, data scope & monitoring mechanism
  • Human control & monitoring of output quality, anomaly alerts

Common platform: Internal CPU·GPU·Cloud infrastructure ensures data & model sovereignty (data/model residency) — the basis for both ISO/IEC 27001 and 42001.