Security by design
Security is considered during discovery, architecture, implementation, deployment, and operation. We prefer simple, auditable designs, least-privilege access, secure defaults, and explicit controls over informal process.
Access control
- Access is limited to authorized personnel and scoped to business need.
- Administrative access is separated from normal user workflows where practical.
- Secrets are kept out of source code and public artifacts.
- Credential rotation and revocation are handled as part of operational hygiene.
Data handling
We treat client, prospect, and operational data as confidential. Project-specific data handling, retention, residency, and confidentiality terms are defined in the relevant engagement agreement.
Infrastructure and delivery
- Production changes are reviewed, tested, and deployed through controlled workflows.
- Cloud services are configured with attention to identity, network exposure, logging, and recovery.
- Monitoring and incident response expectations are defined for managed systems.
- Dependencies and third-party services are evaluated for operational and security risk.
AI systems
For AI and agentic systems, we design boundaries between untrusted input, model output, tools, secrets, and operational control planes. External content is treated as untrusted and must not be allowed to drive privileged actions without appropriate validation.
Responsible disclosure
If you believe you have found a security issue on moridna.com or a MORIDNA-operated system, contact [email protected] with enough detail for us to reproduce and assess the issue. Do not access, modify, delete, or disclose data that is not yours.
No certification claim
This page describes MORIDNA's security principles. It does not claim a particular certification, audit result, or compliance status unless separately stated in a signed agreement or official document.