Request a demo

SECURITY & TRUST

We cannot touch your control systems. We designed it that way.

Water utilities are right to ask hard questions about any technology that connects to operational systems. This page answers them, starting with the architectural decision that defines everything we build.

01 — THE QUESTION

Every utility considering AI asks the same question.

"What happens if this thing gets into our control systems?"

It is a fair question. Water treatment is critical infrastructure. SCADA networks were designed to be isolated for good reason. Any technology that touches operational data needs to earn its place through architecture, not promises.

Most software vendors answer this with a list of certifications and a security questionnaire. We answer it with how the system was built.

02 — THE ARCHITECTURE

Read-only by design. No exceptions.

Data flows one direction: from your plant to the cloud. The platform has no capability to write commands back to control systems.

OCore IT/OT Security Architecture: read-only data flow from plant SCADA systems through edge gateway to cloud platform, with one-way arrows showing no write-back capability
FIG. C — ONE-WAY DATA FLOW
01

Read-only access

OCore connects to your SCADA historians in monitoring mode only. We collect time-series data and surface insights. The platform has no capability to write commands back to plant control systems.

02

One-way data flow

Data moves in one direction: from your operational systems to the cloud analytics platform. We support edge gateway deployments for utilities requiring additional network isolation between IT and OT environments.

03

Fail-safe by default

If OCore goes offline, your operations continue unaffected. We are a decision-support tool, not a control system. All operational decisions require human approval and execution through your existing plant systems.

03 — AI UNDER HUMAN CONTROL

AI under human control.

AI in critical infrastructure raises legitimate questions. Here is how we answer them.

Human-in-the-loop design

OCore's AI provides recommendations and analysis. It does not take autonomous action. Operators can override, ignore, or modify any AI suggestion. Every recommendation includes plain-language reasoning so operators understand the basis for the insight, not just the conclusion.

The AI recommends. The operator decides. Always.

No training on customer data

OCore uses pre-trained foundation models. Your SCADA data is analyzed in real time for your operations only. It is never used to train or fine-tune models. When your data is deleted, it is gone. Complete data sovereignty.

Your data trains nothing. Your data tunes nothing. Your data stays yours.

Audit trails and explainability

Every AI recommendation is logged with its reasoning. Operator actions are tracked with timestamps and context. Full audit trail for compliance, accountability, and organizational learning.

Built for regulatory scrutiny

Water treatment AI is classified as high-risk under EU AI Act Annex III. Our human-in-the-loop design was built for that classification. Governance aligns with NIST AI Risk Management Framework principles.

04 — DEFENSE IN DEPTH

The technical controls behind the architecture.

01

Multi-tenant isolation

TimescaleDB with Row-Level Security (RLS) policies. Each utility's data isolated by tenant ID. Database-enforced access controls prevent cross-tenant data access.

02

Encryption

TLS 1.3 in transit from plant to cloud. AES-256 at rest. Key management through cloud provider KMS with regular rotation.

03

Access controls

Role-based access control with MFA available for all accounts. API keys with scoped permissions. Activity logging for all data access.

04

Data retention and deletion

Customer-controlled retention policies. Complete data deletion on request. Backup encryption and access controls.

05

Cloud infrastructure

Hosted on Amazon Web Services. OCore runs on AWS's certified infrastructure (SOC 2, ISO 27001) and follows cloud security best practices: tenant isolation, least-privilege access, encryption in transit and at rest, and continuous patching. Those certifications cover AWS's infrastructure, not an independent audit of OCore.

06

Monitoring and incident response

Infrastructure monitoring with automated alerting. Incident response procedures documented and tested. Coordinated vulnerability disclosure policy.

05 — THE FRAMEWORKS

Designed around the frameworks your industry trusts.

Our architecture was not designed and then mapped to compliance frameworks afterward. The frameworks informed the design.

Water sector security

AWWA · EPA · CISA · WATERISAC

OCore's read-only integration and edge gateway support follow AWWA v4.0 Appendix I guidance on cloud SCADA security. The separation of IT and OT systems satisfies the most critical control in EPA cybersecurity guidance for water systems. Our fail-safe design means a platform outage has zero impact on plant operations, meeting CISA critical infrastructure resilience requirements. Audit trails support the incident documentation that WaterISAC recommends for water sector information sharing.

Cybersecurity frameworks

NIST CSF 2.0 · NIST AI RMF

The platform addresses each function of the NIST Cybersecurity Framework 2.0 (Identify, Protect, Detect, Respond, Recover) through architectural design rather than bolted-on controls. AI governance aligns with NIST AI Risk Management Framework principles for trustworthy AI: human oversight, transparency, data governance, and explainability.

International standards

EU AI ACT · GDPR

OCore's human-in-the-loop design satisfies EU AI Act transparency and oversight requirements for high-risk AI in critical infrastructure. Data handling practices align with GDPR principles including data minimization, purpose limitation, and the right to deletion.

OUR APPROACH TO CERTIFICATION

We prioritize architecture and transparency over certification theater. SOC 2 Type II and ISO 27001 are on our roadmap. We do not provide specific timelines because these processes depend on multiple factors. What we commit to is building the right architecture from day one and showing our work along the way.

06 — WE SHOW OUR WORK

We show our work.

We understand that procurement teams need detailed documentation and that IT directors need technical depth. We are happy to walk through our architecture and provide what your team needs to move forward.

01

Architecture documentation

Detailed documentation of our security architecture and controls, walked through with your team on request.

02

Security review call

Schedule a technical walkthrough with our team. We welcome hard questions.

03

Security questionnaires

We respond to vendor security assessments including CAIQ and SIG Lite formats.

Contact our security team SECURITY@OCORE.IO