Trust / IT review

The IT Review Pack, No NDA Required

If this was forwarded to you by someone in operations, you did not ask to be in this evaluation and your default answer is no. Fair. This page is written to be read cold, without a sales call, and it answers the veto questions directly: what we connect to, what we cannot do, what breaks if we break, and what we are not certified for.

The whole posture in one paragraph

KaizenFlow reads data out of the systems your plant already runs. Connections are read-only by default and are established outbound from your network. Nothing is installed on a machine. KaizenFlow does not write to PLCs and does not send commands to the floor: it cannot change a setpoint, and it cannot stop or start equipment. It observes; it does not control. If the link drops, or if our platform is down entirely, nothing stops on your floor. That is a property of the architecture, not a promise about our behavior.

Everything below is the detail behind that paragraph, in the order a reviewer usually wants it. The security page is the posture overview. This page is the review pack. What it does not contain is the material that only makes sense under an NDA, and the last section says exactly what that is and how to get it.

What leaves the plant, and what does not

Each connector reads only what it is scoped to read, and that scope is visible to your admins inside the product. It is not something we set once and keep to ourselves.

What leaves the plant:

  • Process tags from the historian, SCADA, or controller, limited to the tags in scope.
  • Event and state data: downtime events, fault codes, machine states, and their transitions.
  • Counts and timestamps: good parts, rejects, cycle boundaries, and when each occurred.
  • Cost rates you provide, so dollar impact is calculated on your numbers rather than our assumptions.

What does not leave the plant:

  • Control logic. We do not read ladder, function blocks, or program files.
  • Recipe IP. Process recipes are not part of what a connector is scoped to read.
  • Employee personal data. None is collected by default.

What does move is encrypted in transit with TLS 1.3 and at rest with AES-256. If your reviewer wants the tag-level answer rather than the category-level answer, ask for the exact list before you sign anything. That is a reasonable request and we should be able to produce it.

One direction onlyInside your networkPLC · SCADAHistorianMES · ERPOutbound · read-only · TLS 1.3No writes · no commands · no return pathKaizenFlowTenant-isolatedAES-256 at restIn scopeProcess tags · events · counts · timestamps · your cost ratesNot in scopeControl logic · recipe IP · employee personal data
Connectors read outbound from your network. There is no path back to the floor.

What it cannot do, by construction

This is the section that matters most to a controls person, so it is stated as a list of negatives rather than a list of features.

  • It cannot write to a PLC.
  • It cannot send a command to the floor.
  • It cannot change a setpoint.
  • It cannot stop or start equipment.
  • It cannot act at all. Every output is a recommendation to a person.

When the platform finds something, it routes the finding to a human, who decides and then acts through the systems and change-management procedures you already have. The safety boundary stays exactly where your controls team put it. Nothing about our roadmap depends on moving it.

The common objection here is a good one: exposing fifteen-year-old machines to the internet is usually a bad idea. We agree, and the read-only outbound posture is the answer to it, not a workaround for it. There is no inbound path to a controller, no listener on the plant side waiting for us, and no credential anywhere in our system that could write to one if it leaked. If your equipment is old enough that there is nothing worth reading, that is a different conversation, and we say so plainly on our Guidewheel comparison: plants with no PLCs worth reading and no ERP data are better served by clip-on sensing. KaizenFlow needs signals to read.

Failure modes

If the connection drops. Nothing, on your floor. KaizenFlow observes - it does not control - so a connectivity outage never stops a line. Analytics resume when the connection does; where an edge adapter is deployed, reads continue locally and sync when the link returns. The exact behavior for your topology is covered in the security brief.

If KaizenFlow is down. We target 99.9% uptime, and if we miss it, your line does not care. An outage on our side costs you analytics for the duration. It does not cost you production, because we introduce no single point of failure into anything that runs.

On troubleshooting a cloud service. A fair criticism of any cloud dependency is that it makes it harder to work out where a connection or latency problem started. That criticism holds, and we are not going to argue it away. What we can narrow is the blast radius: because KaizenFlow is not in the control path, a latency or connectivity problem in our direction is an analytics problem to be diagnosed on a normal timescale, not a production incident with a line down while someone bisects the network.

Access and accountability

Who can do what, and whether you can prove it afterwards.

  • Scoped, read-only credentials. Connectors authenticate with least-privilege credentials against the source system, scoped to what is being read.
  • Credential handling. Connector credentials are encrypted with Fernet symmetric encryption and are never logged in plaintext.
  • Authentication. JWT-based, with configurable token lifetimes so you set the expiry rather than accepting ours.
  • Authorization. Role-based access control across four roles: Admin, Manager, Engineer, and Viewer.
  • Rate limiting on sensitive endpoints.
  • Audit logging. Every recommendation and every action is attributable to an identity and audit-logged. Audit logs are retained for 24 months.

The attributability point is worth reading twice, because it is what makes the AI defensible in a review: no output is anonymous, and no action taken in the platform is untraceable.

Isolation and encryption

The standard platform is multi-tenant with strict logical isolation. Every database query is scoped by tenant ID, so one organization's manufacturing data is not reachable by another. Isolation boundaries are verified through regular security review.

Data is encrypted in transit with TLS 1.3 and at rest with AES-256. Enterprise deployments add private VPC isolation and support data-residency requirements, which is the option to look at if logical isolation alone does not clear your bar. It is worth being direct about the tradeoff: logical isolation is a strong control, and it is not physical isolation. If your policy requires the latter, price the Enterprise path from the start rather than discovering it in month three.

Certification status, without the spin

We operate to SOC 2 Type II and ISO 27001 control frameworks. We are not yet certified and claim no certification. There is no audit report, and there is no auditor's opinion to send you. Certification work is on our roadmap, and the roadmap itself is in the brief.

So, plainly: if a signed SOC 2 report is a hard procurement gate today, we do not clear it. You should not spend three weeks in a review discovering that, and we should not spend three weeks helping you not discover it. The honest sequence is to check that gate first, and if it is immovable, stop here and revisit us when we have the report.

If the gate is movable, or if you are evaluating a paid pilot rather than a production rollout, what we can give you is the underlying material: control documentation, architecture diagrams, the subprocessor list, and data-flow documentation. That is a weaker artifact than a certification and we are not going to describe it as anything else. It is enough for many reviewers to make a judgment, and judging it is your job, not ours.

AI, model providers, and what we do with your data

AI analysis runs through vetted model providers, specifically OpenAI and Anthropic, under contractual data-protection obligations. We do not sell your data, and we do not use it to train third-party models.

The part most vendors bury, stated here instead: aggregated, anonymized benchmarks may be used to improve the platform. That is set out in our terms and you should read the clause rather than take our summary of it. If aggregated benchmarking is a problem for your legal team, raise it in the first call, not the last.

AI output is advisory. Final decisions remain with your team, which is also why every recommendation is attributable and logged. On accuracy, we do not quote a fixed accuracy number, because a number quoted out of context is close to meaningless in a plant. We validate forecasts against real outcomes instead, and during a pilot those validations are yours to inspect.

Data lifecycle, retention, and exit

Your data is yours. That is not a slogan on this page; it is the operative fact behind the export and deletion mechanics below.

  • Retention. Manufacturing metrics are retained per your organization settings, defaulting to 12 months. Audit logs are retained for 24 months.
  • Export. Full export and API access are included on every plan, not gated behind a tier. Metrics, events, and the savings ledger can be pulled into your own systems at any time.
  • Exit. Either party may terminate with 30 days' written notice. On termination you get a 30-day data-export window, after which your data is permanently deleted in line with our retention policies.

The exit terms are written into our terms rather than promised in a deck, which is the only version of that promise worth anything to a reviewer.

Questions to ask us

If you end up on a call, these are the questions worth your time. Some of them we would rather not get. Ask them anyway, and treat a dodge as data.

  • Show me the exact tag list you will read on line 3, before we sign anything.
  • What is your incident response if a connector credential leaks? Who is notified, on what clock?
  • Who at KaizenFlow can see our data, under what circumstances, and is that access logged where we can see it?
  • You are not SOC 2 certified. What is the target date, who is the auditor, and what happens to our agreement if it slips?
  • Which of your 43-plus connectors have you actually run against a live plant, and which would be new for us?
  • What does the edge adapter run on, what does it talk to, and what does it need open?
  • What happens to our data if KaizenFlow is acquired, or shuts down?
  • If we terminate, what exactly is deleted at day 30, and how would we verify it?
  • Name a plant you should not have sold to.

We are at design-partner stage with no customers to point you at, which means the usual reference-call shortcut is not available to you. Adversarial questions are the substitute. They are a fair trade only if we answer them straight, and that is on us.

What the security brief adds

This page is deliberately the version you can forward without asking anyone's permission. The brief is the version for a formal review, and it adds the material that is specific enough to warrant an NDA:

  • Architecture diagrams.
  • The subprocessor list.
  • Data-flow documentation.
  • Control documentation mapped to the frameworks we align to.
  • The certification roadmap, with its current status.

Request it at /contact/?request=security-brief. It goes to your security and procurement teams directly, and it does not put you into a sales sequence.

Frequently asked

Does this touch our OT or control network? Only in the read direction. Connectors open outbound connections from your network and read from the sources you scope: PLC, SCADA, historian, MES, or ERP. KaizenFlow does not write to PLCs and does not send commands to the floor, and it never sits inline with anything that runs a line. If a connector stops, production does not notice.

Do you install anything on our machines? No agents on machines. Connectors read from systems that already expose data over OPC-UA, MQTT, Modbus TCP and RTU, REST, ODBC/SQL, MTConnect, FANUC FOCAS, or CSV/SFTP. Where a plant runs controllers too old to reach that way, a lightweight edge adapter is used to read them. Nothing is installed on a PLC or an HMI, and no control logic is modified.

Can we run this fully on-premise or air-gapped? Not fully air-gapped, and we will not pretend otherwise. The standard platform is multi-tenant cloud with strict logical isolation, where every query is scoped by tenant ID. Enterprise deployments support private VPC isolation and data-residency requirements. A fully air-gapped deployment is not what we offer today, so if that is a hard requirement, we are not your vendor.

Are you SOC 2 certified? No. We operate to SOC 2 Type II and ISO 27001 control frameworks. We are not yet certified and claim no certification, and certification work is on our roadmap. If a signed SOC 2 report is a hard procurement gate today, we do not clear it. What exists today is control documentation, architecture diagrams, the subprocessor list, and data-flow documentation, all shared in the security brief.

What are your subprocessors? AI analysis runs through OpenAI and Anthropic under contractual data-protection obligations. We do not sell your data or use it to train third-party models. The full subprocessor list is maintained in our Privacy Policy, and the current version is included in the security brief.

Request the full brief

Architecture diagrams, the subprocessor list, data-flow documentation, control documentation, and the certification roadmap, sent to your security and procurement teams.