Version 1.0 | Effective Date: [Insert Date] | Approved By: Rob Stewart, Founder & CEO
The purpose of this Information Security Policy is to affirm CR Equity Ai's dedication to safeguarding the confidentiality, integrity, and availability of all data, systems, and infrastructure within its platform, operations, and partner network. This policy applies to all employees, contractors, consultants, and third-party service providers associated with CR Equity Ai. It encompasses all systems, APIs, databases, and digital assets managed by the organization, as well as all types of data, including personally identifiable information (PII), financial data, collateral records, blockchain entries, and underwriting artifacts.
| Role | Responsibility |
|---|---|
| CEO / CISO | Holds final authority regarding the security posture of the organization, oversees breach response, and enforces policy adherence. |
| Compliance Lead | Ensures all activities are aligned with regulatory frameworks such as SOC 2, ISO 27001, GDPR, and CCPA. |
| Engineering Team | Implements technical security controls, monitors platforms, and maintains secure coding practices. |
| Operations Team | Enforces access controls, evaluates vendor security, and manages physical security measures. |
| Third-Party Auditors | Conduct independent reviews and penetration tests to validate security controls. |
CR Equity Ai organizes data into three distinct tiers to ensure appropriate protection levels:
Handling requirements for each tier are as follows:
Access to CR Equity Ai systems is managed through a role-based access control (RBAC) matrix. Multi-factor authentication (MFA) is mandatory for all administrative and sensitive operations. API keys are issued to partners with protocols in place for regular rotation and revocation. To further secure sensitive dashboards, session timeouts and IP allowlisting are enforced. All access is logged and monitored using Security Information and Event Management (SIEM) tools.
All vendors must complete Know Your Customer (KYC) or Know Your Business (KYB) checks and undergo OFAC and SOC 2 reviews. In accordance with the Fee Policy, external underwriting reports are not accepted. CR Equity Ai conducts its own thorough diligence using proprietary and external tools, including appraisals, broker pricing opinions, environmental reports, feasibility studies, title and escrow documentation, surveys, and financial data.
Any security incident must be reported to the CISO within one hour. The breach response process includes containment, forensic analysis, and partner notification as necessary. Blockchain audit logs are used to verify tamper-resistant records of activity. A post-incident review is conducted within 72 hours. Regulatory disclosures are issued in compliance with jurisdictional requirements.
All platform activities are logged in real time. Logs are retained for a minimum of 12 months. Alerts are configured to trigger in response to unauthorized access attempts, loan-to-value (LTV) covenant breaches, unusual wallet activity, and API abuse or rate limit violations.
Violations of this policy may result in access revocation, termination of employment or engagement, or legal action as appropriate. All users are required to acknowledge this policy during onboarding. CR Equity Ai reserves the right to update this policy without prior notice. Use of the platform indicates acceptance of these terms.
By accessing or using CR Equity Ai's platform, users agree to comply with this Information Security Policy. Users authorize CR Equity Ai to enforce reasonable business practices and accept all terms outlined in the Terms of Service and User Agreement.