SECURITY & TRUST
We cannot touch your control systems. We designed it that way.
Water utilities are right to ask hard questions about any technology that connects to operational systems. This page answers them, starting with the architectural decision that defines everything we build.
Every utility considering AI asks the same question.
"What happens if this thing gets into our control systems?"
It is a fair question. Water treatment is critical infrastructure. SCADA networks were designed to be isolated for good reason. Any technology that touches operational data needs to earn its place through architecture, not promises.
Most software vendors answer this with a list of certifications and a security questionnaire. We answer it with how the system was built.
Read-only by design. No exceptions.
Data flows one direction: from your plant to the cloud. The platform has no capability to write commands back to control systems.
Read-only access
OCore connects to your SCADA historians in monitoring mode only. We collect time-series data and surface insights. The platform has no capability to write commands back to plant control systems.
One-way data flow
Data moves in one direction: from your operational systems to the cloud analytics platform. We support edge gateway deployments for utilities requiring additional network isolation between IT and OT environments.
Fail-safe by default
If OCore goes offline, your operations continue unaffected. We are a decision-support tool, not a control system. All operational decisions require human approval and execution through your existing plant systems.
AI under human control.
AI in critical infrastructure raises legitimate questions. Here is how we answer them.
Human-in-the-loop design
OCore's AI provides recommendations and analysis. It does not take autonomous action. Operators can override, ignore, or modify any AI suggestion. Every recommendation includes plain-language reasoning so operators understand the basis for the insight, not just the conclusion.
The AI recommends. The operator decides. Always.
No training on customer data
OCore uses pre-trained foundation models. Your SCADA data is analyzed in real time for your operations only. It is never used to train or fine-tune models. When your data is deleted, it is gone. Complete data sovereignty.
Your data trains nothing. Your data tunes nothing. Your data stays yours.
Audit trails and explainability
Every AI recommendation is logged with its reasoning. Operator actions are tracked with timestamps and context. Full audit trail for compliance, accountability, and organizational learning.
Built for regulatory scrutiny
Water treatment AI is classified as high-risk under EU AI Act Annex III. Our human-in-the-loop design was built for that classification. Governance aligns with NIST AI Risk Management Framework principles.
The technical controls behind the architecture.
Multi-tenant isolation
TimescaleDB with Row-Level Security (RLS) policies. Each utility's data isolated by tenant ID. Database-enforced access controls prevent cross-tenant data access.
Encryption
TLS 1.3 in transit from plant to cloud. AES-256 at rest. Key management through cloud provider KMS with regular rotation.
Access controls
Role-based access control with MFA available for all accounts. API keys with scoped permissions. Activity logging for all data access.
Data retention and deletion
Customer-controlled retention policies. Complete data deletion on request. Backup encryption and access controls.
Cloud infrastructure
Hosted on Amazon Web Services. OCore runs on AWS's certified infrastructure (SOC 2, ISO 27001) and follows cloud security best practices: tenant isolation, least-privilege access, encryption in transit and at rest, and continuous patching. Those certifications cover AWS's infrastructure, not an independent audit of OCore.
Monitoring and incident response
Infrastructure monitoring with automated alerting. Incident response procedures documented and tested. Coordinated vulnerability disclosure policy.
Designed around the frameworks your industry trusts.
Our architecture was not designed and then mapped to compliance frameworks afterward. The frameworks informed the design.
Water sector security
AWWA · EPA · CISA · WATERISACOCore's read-only integration and edge gateway support follow AWWA v4.0 Appendix I guidance on cloud SCADA security. The separation of IT and OT systems satisfies the most critical control in EPA cybersecurity guidance for water systems. Our fail-safe design means a platform outage has zero impact on plant operations, meeting CISA critical infrastructure resilience requirements. Audit trails support the incident documentation that WaterISAC recommends for water sector information sharing.
Cybersecurity frameworks
NIST CSF 2.0 · NIST AI RMFThe platform addresses each function of the NIST Cybersecurity Framework 2.0 (Identify, Protect, Detect, Respond, Recover) through architectural design rather than bolted-on controls. AI governance aligns with NIST AI Risk Management Framework principles for trustworthy AI: human oversight, transparency, data governance, and explainability.
International standards
EU AI ACT · GDPROCore's human-in-the-loop design satisfies EU AI Act transparency and oversight requirements for high-risk AI in critical infrastructure. Data handling practices align with GDPR principles including data minimization, purpose limitation, and the right to deletion.
OUR APPROACH TO CERTIFICATION
We prioritize architecture and transparency over certification theater. SOC 2 Type II and ISO 27001 are on our roadmap. We do not provide specific timelines because these processes depend on multiple factors. What we commit to is building the right architecture from day one and showing our work along the way.
We show our work.
We understand that procurement teams need detailed documentation and that IT directors need technical depth. We are happy to walk through our architecture and provide what your team needs to move forward.
Architecture documentation
Detailed documentation of our security architecture and controls, walked through with your team on request.
Security review call
Schedule a technical walkthrough with our team. We welcome hard questions.
Security questionnaires
We respond to vendor security assessments including CAIQ and SIG Lite formats.