1. SECURITY ARCHITECTURE

1.1 On-Premise AI Processing

Video and AI threat detection NEVER leave your building. Guardian's neural network runs entirely on hardened hardware installed at your school. No video footage is ever transmitted to the cloud. No external servers can access your camera feeds. Even Guardian Systems Inc. cannot view your security footage.

• Local AI Processing: All threat detection happens on-site in real-time
• No Video Upload: Camera footage never leaves your network
• No External Access: Even Guardian cannot remotely view your feeds
• Complete Data Sovereignty: Your school owns and controls all data

1.2 Air-Gap Capability

Guardian operates completely independently of the internet. Your threat detection, alerts, and emergency response continue functioning even during network outages, cyberattacks, or complete internet disconnection. The system is designed for true air-gapped deployment in high-security environments.

1.3 Hybrid Cloud for Administrative Data (Optional)

Schools may optionally use encrypted cloud services for non-sensitive administrative data such as announcements, schedules, and parent communications. This data is encrypted with AES-256-GCM before leaving your network, and encryption keys remain under your control. Video and AI processing always remain on-premises regardless of this option.

2. ENCRYPTION

• Data at Rest: AES-256 encryption for all stored data
• Data in Transit: TLS 1.3 for all network communications
• Key Management: Hardware security modules (HSM) for key storage
• End-to-End Encryption: For all alert communications

3. ACCESS CONTROLS

• Multi-Factor Authentication: Required for all administrative access
• Role-Based Permissions: Granular access controls based on job function
• Single Sign-On: Integration with your identity provider
• Session Management: Automatic timeout and secure session handling

4. PHYSICAL SECURITY

• Tamper-Resistant Hardware: Devices detect and alert on physical tampering
• Secure Boot: Cryptographic verification of firmware integrity
• Encrypted Storage: Hardware-level encryption on all storage media

5. MONITORING AND LOGGING

• Audit Logs: Comprehensive logging of all system access and actions
• Anomaly Detection: AI-powered detection of unusual access patterns
• Real-Time Alerts: Immediate notification of security events
• Log Retention: Configurable retention based on your policies

6. VULNERABILITY MANAGEMENT

• Regular Updates: Automatic security patches and firmware updates
• Penetration Testing: Annual third-party security assessments
• Bug Bounty Program: Responsible disclosure program for security researchers
• Vulnerability Scanning: Continuous automated scanning

7. INCIDENT RESPONSE

Guardian maintains a comprehensive incident response plan including:

• 24/7 security operations monitoring
• Defined escalation procedures
• Customer notification within 72 hours of confirmed breaches
• Post-incident analysis and remediation

8. REPORT A VULNERABILITY

If you discover a security vulnerability, please report it to:
Email: security@guardiansystems.co