Published on
14/5/24

Security is not just a feature, It is our foundation.

Altura’s efforts to ensure your information is safe.

Author
Matthijs Huiskamp

In bid management you compete for contracts vital to your organisation, using large  amounts of sensitive information. Therefore data security is something that should be taken care of diligently. Even more so when using AI applications, which generate their output based on that data. 

Data safety

We understand that your proposal includes all of your inventive solutions, well-thought-out strategies, and the deepest darkest pricing secrets of your organisation. This needs to stay safe from the competition, as it’s crucial for your success. 

At Altura we take your data security seriously and we don’t think that the European Union currently acts fast enough and takes  extensive enough measures to cover your data’s integrity when using AI.

That’s why we have taken proactive measures to ensure absolute data security beyond legal requirements. Here is how  we do it: 

  • ISO 27001
  • All data servers in the European Union
  • Security access levels 
  • Your company’s own ecosystem
  • We only use LLMs that are not trained with data we, or our clients, provide

ISO 27001: Data safe to the highest degree

Our ISO 27001 certification confirms that we match the world's strictest benchmark for data security. This standard covers everything from limiting access to data, to ensuring that data cannot be altered without authorisation. For you, that means we have robust processes in place to identify, evaluate, and address information security risks throughout the entire organization. This allows us to mitigate any of your risks as strictly as possible.

Levels of access 

Within your organisation you give colleagues access to the appropriate information. This means you can be sure that you don’t share sensitive information or details with a person that is not authorised to read it. 

The industry’s strictest legislation

The prior measures allow us to maintain strict privacy and ethics standards. This makes us completely compliant with General Data Protection Regulation (GDPR); Europe’s data security and privacy law.

How we make sure your proposals are safe when working with AI

We partnered with OpenAI for our AI tools. Our OpenAI models are managed within Microsoft Azure API and hosted on servers located within the EU. This setup requires adherence to GDPR in the EU, which are the world’s strictest privacy regulations, preventing OpenAI from accessing or controlling the data used within Altura. 

Within Altura’s isolated environment you have your own secured storage that is only accesible to your own organisation. Anyone without this key is in no way able to interact with your data, or the actions and prompts that you put into your AI tools. This means you have your own private eco-system where all your proposals, documents and data are stored.

How we ensure the dependability of the AI’s answers

We assess the usability and ability of each AI tool to meet expected outcomes based on various use cases relevant to their intended functions on the platform. For instance, Proposal Search undergoes rigorous testing to ensure it can effectively locate detailed search terms within a proposal library.

For each specific use case, we conduct a range of tests using multiple datasets and samples, such as questions, actions, or interactions with the tool. Only when the responses meet our quality standards are the tools released in Altura.

Moreover, the AI solutions you use depend on the quality of data you provided, which includes documents, performance data, and queries. This input is typically verified or reviewed beforehand, ensuring consistent validity in the results.

FAQ

We have an NDA in place. Should Altura be considered a third-party provider?

Similar to applications such as SharePoint, Google Docs or MS Word, Altura is an application that is used with cloud capabilities. You do not directly share information with Altura. Therefore it is not considered as a third party in NDA contracting.

Are there any laws and regulations regarding AI or data that must be complied with in the field of privacy and ethics?

Although specific laws for Artificial Intelligence (AI) are expected in the next 2 to 3 years, data laws apply to many of the AI applications you know. The EU’s GDPR is the strictest data law of all, and prevents your data from being used to train any AI models, given you work in servers hosted in the EU. Since the Altura database is hosted in Azure API, these regulations apply to your data. 

Our ISO-27001 certification ensures your data security to the highest degree. This certification defines a variety of standards that cover everything from limiting access to data, to ensuring that data cannot be altered without authorisation. For you, that means we constantly maintain processes that identify, evaluate, and address information security risks throughout the entire organization.

What measures have been taken to prevent AI from working in a biased manner?

The platform does not currently include any tools that could potentially make biased decisions or generate biased content. More specifically, sensitive variables such as race, gender, or age do not play a role in the data that we use for our AI tools.

The AI solutions you use depend on the information that is provided to it. This information includes previous proposals, performance data, and your AI prompts or actions. Since this input has been produced by your organisation, or is performance data provided by you, it is correct and contains no bias from outside sources.

How has the accuracy of AI tools been tested and validated before being put into use?

For each AI tool, we set out a range of use cases. For each specific use case a variety of tests is done on multiple data sets, using multiple questions, actions, or other ways to interact with the tool. 

The results of these tests are assessed for their usability and ability to match expected outcomes. Only when the quality standards of the responses have been found sufficient, are the tools released in Altura.

Which parties have access to my data, and how can I be sure?

Our OpenAI models are managed within Azure API and hosted on servers located within the EU. We also store processed versions of data in Pinecone, a vector storage tool.

This setup requires adherence to SOC II Type 2, and GDPR in the EU, which is the world’s strictest privacy regulation. This approach directly prevents OpenAI from accessing or controlling the Altura isolated environment. 

Within Altura’s isolated environment you have your own secured storage ecosystem, with a customer-specific database that is only accessible with a unique customer key. Anyone without this key is in no way able to interact with your data, or the actions and prompts that you put into your AI tools. We have the highest security measures  in place to make sure no one outside of your organisation or without the right access can access through your customer key.

Can users gain access to documents to check Altura’s compliance with relevant Data and AI policies?

Our Sales and Customer Support team can provide you with compliance documents upon request.

How does Altura score on the key criteria for data security and protection?

Data Encryption:

All data going into and coming out of Altura is encrypted both in transit and at rest using industry-recognized standards such as AES-256 and ECDSA.

Data Separation:

We ensure the separation of your data from other customers' data through a combination of physical and access control boundaries. In practice, this means that our database is isolated from any other AI model interaction. Additionally, for files, we create a new storage container the moment you create an account, which can only be accessed by members of that specific account.

Data Lifecycle/Backups:

Hourly backups of all tabular data are stored in a separate database located in a different datacenter within the EU, which is not accessible by default. For files, we implement soft deletes with a retention period of 7 days, ensuring that we can always recover your data within that time frame.

Spendeer minder tijd aan admin taakjes en meer aan het winnen van bids

Maak jouw bidteam een geoliede machine door de automatisering van Altura. Plan nu een gesprek met ons team om onze oplossingen in actie te zien. Of bel direct naar: +31302271671