Governance Controls — On by Default
Unlike platforms that treat security as an add-on, Songlines Control ships with all critical governance controls enabled out of the box. Administrators can configure, not compromise.
Core Security Architecture
Sovereign-First Infrastructure
All data processed through our managed SaaS platform remains entirely within Australia. No offshore routing, processing, or storage — guaranteed.
Zero-Trust Architecture
Every request is authenticated, authorised, and evaluated against enterprise policy before execution. Least-privilege access enforced at every layer.
Immutable Audit Trail
All records are cryptographically signed using SHA-256 and HMAC. Records cannot be modified or deleted — providing tamper-evident logs for regulatory submissions.
PII Auto-Redaction
PII, PHI, and sensitive corporate data are automatically detected and redacted at the edge. Sensitive information never reaches external AI models.
Role-Based Access Control
Granular RBAC with per-user AI spend attribution. Admins, users, and service accounts each have precisely scoped permissions — nothing more.
Flexible Deployment
Deploy as Managed SaaS (Australian region), Private Cloud / VPC, or fully air-gapped on-premise. The same control plane, any environment.
Immutable Audit & Compliance Log
Every AI interaction — request, model selection, policy decision, token count, cost, and outcome — is recorded in a tamper-evident log. The audit trail is ISO 27001 aligned and IRAP-ready for Australian government compliance requirements.
Compliance & Regulatory Alignment
Songlines Control is designed to support compliance across the frameworks that matter most to Australian enterprise and government organisations.
-
ISO 27001
Our Information Security Management System is aligned with ISO 27001 standards. Security controls are embedded in the product architecture, not bolted on.
-
IRAP Ready
Our architecture is designed to meet the Australian Government Information Security Manual (ISM) controls required for IRAP assessment — making Songlines Control suitable for government deployments.
-
ISO 42001
Aligned with the international standard for AI Management Systems — providing a governance framework for responsible AI deployment at enterprise scale.
-
Essential Eight
We implement the ACSC Essential Eight maturity model across our corporate and production environments, including application control, patching, and multi-factor authentication.
-
Privacy Act
Songlines Control supports compliance with the Australian Privacy Act 1988, including data residency controls, PII redaction, and access audit trails.
-
APS AI Policy
Designed to support Australian Public Service AI use policy requirements, including human oversight, transparency, and accountability for AI-assisted decisions.
Vulnerability Disclosure
We welcome responsible disclosure from the security community. If you believe you have discovered a security vulnerability in our platform, please contact our security team at security@cetusai.com.au. We will acknowledge receipt within 24 hours and respond with a remediation timeline within 72 hours.