Trust
Cushi Is Governance Infrastructure
It records that authorised activity guidance was acknowledged before its tasks were carried out
It does not certify compliance
It does not replace management systems
Security
Data is encrypted in transit and at rest
Multi tenant separation protects organisational data
Role based permissions control access
Acknowledgement records are immutable
Version history is permanent
Hosting is located in Australia where required
Data & Privacy
Acknowledgement records include
Activity identifier
Version number
User identity
Timestamp
Records are retained according to system design.
Records can be exported for review.
Cushi does not sell data.
AI Governance
AI related work is structured as activities made up of required tasks
Updates are version controlled
Acknowledgement is required before completion
Cushi does not monitor AI output or evaluate model behaviour
ISO & NIST Alignment
Cushi provides acknowledgement records that may support documented evidence in structured ISO and NIST environments.
Framework interpretation and compliance assessment remain the responsibility of the organisation.
Cushi is working toward formal certification
Certification is not claimed until complete
Legal
Terms and Privacy policies define usage boundaries
Cushi records acknowledgement before execution
Start
Trust begins with structure
Require acknowledgement
Keep the record
Hostile Audit – How It Works
No certification claims
Security statements are factual
Clear separation between contribution and compliance
Activity → tasks structure preserved
No inflated language
Word count reduced without weakening seriousness