Compliance readiness

Built for European privacy, security, and responsible AI expectations.

QualiRise AI is built with core GDPR, SOC 2, ISO 27001, NIS2, and EU AI Act readiness controls already in place, giving customers a clear foundation for procurement, security review, and responsible AI adoption.

GDPR readiness

Privacy controls for EU personal data.

QualiRise AI includes product controls that support transparency, data-subject rights, minimization, retention, and secure processing.

Transparency and consent (Implemented)

Privacy policy, Terms of Service, login consent text, and policy links are surfaced in the app experience.

User data rights (Implemented)

Authenticated users can export their data and request erasure of UI preferences and personal audit identifiers.

Minimization and retention (Implemented)

PII redaction, configurable retention periods, ephemeral sessions, and non-persistent Jira credentials reduce exposure.

SOC 2 readiness

Controls enterprise buyers expect in security review.

The app includes technical security controls commonly mapped to SOC 2 Trust Services Criteria for access, monitoring, change, and risk management.

Secure access (Implemented)

Signed HttpOnly sessions, constant-time secret comparison, HTTP security headers, and auth rate limiting protect access flows.

Security-event logging (Implemented)

Login, logout, OAuth, and data-rights events are recorded to the audit trail for traceability.

Quality gates (Implemented)

CI checks, tests, builds, and dependency audit checks support controlled delivery and vulnerability awareness.

ISO 27001 readiness

Documented security management foundation.

QualiRise AI maintains an ISMS documentation set and maps product controls to ISO 27001:2022 Annex A security expectations.

ISMS scope and risk (Documented)

ISMS scope, documentation for clauses 4-10, a risk assessment, and a starter risk register are tracked for governance review.

Statement of Applicability (Documented)

All 93 ISO 27001:2022 Annex A controls are represented in a Statement of Applicability with implementation references.

Security practices (Implemented)

Access control, cryptography, data masking, deletion, logging, vulnerability handling, and change controls are mapped.

NIS2 readiness

Cybersecurity governance aligned to EU expectations.

QualiRise AI tracks NIS2 cybersecurity risk-management measures, incident reporting, governance accountability, and vulnerability handling.

Risk measures (Mapped)

Article 21 cybersecurity measures are mapped to product controls and operational documentation.

Incident reporting (Documented)

The NIS2 reporting workflow is documented around the 24-hour, 72-hour, and one-month notification milestones.

Vulnerability handling (Implemented)

Responsible disclosure and dependency audit checks support vulnerability detection and response readiness.

EU AI Act readiness

Responsible AI controls for generated QA artifacts.

QualiRise AI treats AI-generated QA artifacts as a governed workflow: labelled, reviewed by people, and recorded with provider and model context.

Risk classification (Assessed)

The product is documented as limited-risk for AI Act readiness, focused on transparency obligations.

AI transparency (Implemented)

Generated acceptance criteria and test cases display an AI-generated badge with provider and model details.

Human oversight (Implemented)

Users review generated QA artifacts before applying changes or opening pull requests, preserving accountability.

Customer assurance

A clear compliance foundation for European teams.

These controls help customers evaluate QualiRise AI across privacy, security, cyber-risk, and responsible AI requirements before adoption.

Procurement support

Readiness controls are documented so security and procurement teams can review the product faster.

Responsible adoption

AI-generated QA artifacts stay transparent, traceable, and subject to human review before use.

Legal context

Formal legal applicability, contractual terms, and certifications depend on customer context and qualified counsel review.