Security Overview ISO27001 Roadmap

Effective Date: 1 December 2025
Version: 2.0
Issuing Entities:

  • Strategic Global Holdings Pty Ltd (ACN 693 256 503)
  • Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app

Governance Oversight: Group CEO, Strategic Global Holdings Pty Ltd
Review Cycle: Annual or earlier if required by law or operational change

1. INTRODUCTION

Superspeed.ai Pty Ltd (“Cushi”) maintains a modern, multi-layered security and governance program grounded in international standards and designed to protect users, data, systems, and AI-driven capabilities across global jurisdictions. This overview summarises our current controls, ISO alignment, roadmap to certification, and commitment to transparent, verifiable security governance.

2. SECURITY GOVERNANCE

Accountable Executive: CEO
Security & Compliance Lead: Oversees ISO alignment, risk management, IAM governance, incident response.
Data Protection Lead: Oversees privacy obligations under the GDPR, the Australian Privacy Principles (APPs), CPRA, PIPL and applicable LATAM privacy laws.
Technology Leadership: Manages secure architecture, DevSecOps, monitoring.

Governance is aligned with ISO/IEC 27001:2022, ISO/IEC 27701, NIST CSF 2.0, CSA CCM and APRA CPS 234.

3. SECURITY FRAMEWORK ALIGNMENT

Cushi integrates ISO/IEC 27001:2022 Annex A controls, NIST CSF 2.0 functions (Identify, Protect, Detect, Respond, Recover), CSA Cloud Controls Matrix, and Australian ISM principles.

4. CURRENT SECURITY CONTROLS

4.1 IAM

RBAC, MFA, least-privilege, auto-deprovisioning

4.2 Encryption

AES-256 at rest, TLS 1.2+ in transit

4.3 Network Security

Network segmentation, hardened cloud infrastructure, WAF, anomaly monitoring

4.4 Application Security

SSDLC, code reviews, SAST/DAST, dependency scanning

4.5 Vulnerability Management

Automated scanning, CVSS prioritisation, patching

4.6 Operational Security

SIEM, event correlation, privileged monitoring

4.7 Incident Response

ISO-aligned incident response workflows, 24/7 monitoring, regulatory breach notifications where required

4.8 Business Continuity

ISO 22301-aligned disaster recovery, encrypted backups, defined RPO/RTO targets

5. SUPPLIER & SUBPROCESSOR SECURITY

Due diligence, risk assessments, contractual obligations, evidence of certifications, ongoing monitoring. Subprocessors must meet equivalent controls.

6. DATA PROTECTION & PRIVACY

Compliant with the APPs, GDPR/UK GDPR, CPRA, PIPL and applicable LATAM privacy laws.
Cross-border transfer safeguards include EU Standard Contractual Clauses (SCCs), the UK Addendum to the SCCs, adequacy decisions, and supplementary measures.
Includes Data Processing Agreement and regional addenda.

7. AI SECURITY & ETHICAL USE

AI safety reviews, guardrails, data isolation, harm-prevention mechanisms, ISO/IEC 42001 alignment.

8. ROADMAP TO ISO 27001 CERTIFICATION

Phase 1 (Completed): Governance, risk assessment, scope, Annex A control alignment, policy suite.
Phase 2 (Q2 2025): ISMS build-out, evidence capture, supplier assurance, internal audit setup.
Phase 3 (Q3 2025): Internal audit, gap analysis, leadership review.
Phase 4 (Q4 2025): External certification audit.
Phase 5 (Ongoing): Quarterly reviews, annual surveillance audits, continuous control monitoring.

9. COMMITMENT TO TRUST & TRANSPARENCY

Cushi commits to enterprise-grade security, ISO-aligned governance, ethical AI deployment, and transparent reporting to customers, regulators, and global partners.

Version Control, Review & Governance

© 2025 Superspeed.ai Pty Ltd (ACN 660 530 090), trading as Cushi.ai / Cushi.app.
Part of the Strategic Global Holdings Pty Ltd Group (ACN 693 256 503). All rights reserved.
Privacy: privacy@cushi.ai | Security: security@cushi.ai | Support: support@cushi.ai
