> ## Documentation Index
> Fetch the complete documentation index at: https://knowledge.goautonomous.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and Governance

## Enterprise-Grade Security for Autonomous Commerce

**At Go Autonomous, trust is not a claim — it's an architecture.**

Security is embedded in the foundation of the Execution Fabric, governing how data moves, decisions are executed, and systems operate across the enterprise.

Every component is designed for integrity, scalability, and compliance from day one — validated through independent audits and continuous performance testing.

Certified infrastructure across global regions ensures operational resilience and uninterrupted execution for even the most demanding environments.

Go Autonomous delivers it through architecture built to protect every transaction and decision at enterprise scale.

## Security & Governance Principles

<Columns cols={2}>
  <div>
    1. **Built-in, not bolted on**

       Security is embedded into every autonomous process — from data to decision.
  </div>

  <div>
    2. **Governance by design**

       Accountability and compliance are built into every decision.
  </div>

  <div>
    3. **End-to-end encryption**

       All data and transactions are encrypted in motion and at rest.
  </div>

  <div>
    4. **Data sovereignty and control**

       Your data stays yours — visible, private, and erasable on demand.
  </div>

  <div>
    5. **Defense-in-depth**

       Layered controls protect systems, infrastructure, and identities.
  </div>

  <div>
    6. **Continuous assurance**

       Independently audited, continuously monitored, and always improving.
  </div>
</Columns>

***

## Security at the Core of Autonomous Enterprises

<CardGroup cols={3}>
  <Card title="SOC 2 Type II" icon="shield" />

  <Card title="GDPR" icon="star-of-life" />

  <Card title="CREST" icon="clipboard-check" />
</CardGroup>

Go Autonomous protects every autonomous decision, transaction, and dataset with world-class security and governance.

<div className="flex justify-center"><a href="https://trust.goautonomous.io/" target="_blank" rel="noopener">Explore Trust Center →</a></div>

***

## Security & Governance FAQ

<AccordionGroup>
  <Accordion title="How does Go Autonomous protect information and assets?">
    Go Autonomous protects information and assets through continuous threat analysis, use of certified state-of-the-art cloud data centers, redundant infrastructure, and strict identity and access management. Controls include multi-factor authentication, biometric access, and role-based access management.
  </Accordion>

  <Accordion title="What encryption standards are applied?">
    Passwords are secured using the SHA-512 hashing function with salting. All customer data stores are encrypted using AES-256. Data in transit is protected through TLS encryption, encrypted VPN channels, and SSH for administrative access.
  </Accordion>

  <Accordion title="How does Go Autonomous manage vulnerabilities?">
    Vulnerability management includes daily scans of repositories, containers, and cloud environments. Strict SLAs govern remediation timelines. The security program integrates static, dynamic, and software composition analysis, as well as continuous external attack surface management.
  </Accordion>

  <Accordion title="How is risk managed within the organization?">
    An enterprise risk management methodology identifies and prioritizes risks across security, operations, commercial, HR, and finance domains. Both technical and organizational controls—automated and manual—are implemented to ensure protection of critical assets in alignment with business objectives.
  </Accordion>

  <Accordion title="What is the governance framework based on?">
    Governance defines responsibilities, ensures consistent practices, and aligns operations with regulatory and legal requirements. The framework includes approved policies that exceed standard supplier terms, with management and employee roles clearly defined and operationalized.
  </Accordion>

  <Accordion title="How are employees trained and made aware of security practices?">
    All employees undergo background screening, onboarding, and continuous training on security and compliance. Go Autonomous promotes organization-wide awareness and provides regular updates through its Trust Center to keep stakeholders informed.
  </Accordion>

  <Accordion title="What certifications and independent audits are maintained?">
    Go Autonomous maintains a SOC 2 Type II attestation and an ISAE 3000 – GDPR attestation, and undergoes annual penetration testing by CREST-accredited testers. Continuous monitoring and external audits verify compliance with SOC 2 and GDPR standards.
  </Accordion>

  <Accordion title="How does Go Autonomous secure endpoints and remote access?">
    All corporate devices are centrally managed with mobile device management (MDM) and protected with anti-virus and anti-malware software. Remote access is secured using Cisco Meraki and VPN connections, with real-time blocking at both network and endpoint levels. Disk encryption, screen locks, and data loss prevention are enforced across all devices.
  </Accordion>
</AccordionGroup>