Platform Foundations
Stark Assistant is deployed on Google Cloud Platform using regional clusters with automatic scaling and redundancy. Workloads run inside Google Kubernetes Engine with hardened node images and binary authorisation.
Data Protection
- Encryption in Transit & At Rest – TLS 1.2+/1.3 for all ingress and service-to-service calls; AES-256 at rest. Customer-managed encryption keys available for Enterprise customers via Cloud KMS.
- Data Residency – Default deployment in Google Cloud europe-west1 and us-central1 regions with failover. Optional single-region residency is available.
Access Controls
- SSO + SAML + SCIM provisioning.
- Admin actions require enforced MFA and are logged to Cloud Audit Logs.
- Stark staff access requires Just-In-Time elevation with automatic revocation and logging.
Monitoring & Detection
- Google Cloud Operations Suite for metrics and alerts.
- Chronicle SIEM ingests logs for anomaly detection.
- Runtime Application Self-Protection (RASP) guards critical endpoints.
Compliance & Testing
- SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 certifications in scope.
- Annual third-party penetration testing with remediation tracking.
- Continuous compliance monitoring via Drata.
Incident Response
- 24/7 security operations with response SLAs aligned to incident severity.
- Customer notification within 24 hours of confirmed high-severity incidents.
- Post-incident reports include root cause, remediation, and future prevention steps.
Business Continuity
- Multi-region backups stored in Google Cloud Coldline with 30-day retention.
- Quarterly disaster recovery drills including failover to secondary GCP region.
- RTO < 4 hours, RPO < 1 hour for core services.
For security questionnaires or custom reviews, contact security@starkassistant.com.