Q: Has the AI been independently assured or audited?
A: SqlDBM maintains SOC 2 compliance covering the full platform, including AI components. AWS Bedrock — the infrastructure layer — is independently audited and meets SOC, ISO, HIPAA, GDPR, and CSA STAR Level 2 standards. AI-specific penetration testing is planned as a future security roadmap milestone; availability dates are TBD.
Q: Do you have a formal AI governance policy?
A: Yes. SqlDBM maintains an AI governance policy covering the full AI system lifecycle: creation, maintenance, testing, operation, and decommissioning. Documentation is available in the AI Security and Data Privacy document under NDA via the trust portal.
Q: Have you completed a risk assessment of the AI system?
A: Yes. SqlDBM has conducted internal risk assessments covering data flow, LLM provider risks, prompt injection, output accuracy, and access control. Risk assessment documentation is available under NDA.
Q: Do you penetration test your AI systems?
A: The SqlDBM platform is penetration tested as part of SOC 2 compliance. AI-specific penetration testing — covering prompt injection, jailbreak resistance, and privilege escalation — is planned as a future roadmap item (dates TBD). AWS Bedrock itself is continuously tested by AWS as part of their compliance program.