A practical view of Northern Inference's security posture for procurement teams: AWS Canada inherited controls, Canadian-region routing, per-request custody, and the work underway toward formal SA&A.
AWS Canada inheritedca-central-1 by defaultPer-request custody headersITSG-33 mapping in progress
Where we are. Northern Inference is built for teams that need Canadian-residency AI infrastructure and clear procurement evidence. For Tier 3 workloads, customer data is routed through Canadian regions under AWS Canada's published attestations. We do not yet hold a department-issued Authority to Operate, but we can support a customer-led SA&A with operational evidence, custody controls, and an ITSG-33 PBMM mapping package in progress. If your team is evaluating sovereign Canadian AI infrastructure, the right contact is trust@northerninference.ca.
Inherited from AWS Canada
Northern Inference runs on AWS infrastructure in ca-central-1 (Montreal). The physical security, datacenter operations, host operating system, hypervisor, network fabric, and AWS service implementation fall within AWS's own compliance program. Their attestations apply to the substrate that runs us.
SOC 2 Type II. AWS independent auditor reports are available through AWS Artifact.
ISO 27001, 27017, 27018. Information security management, cloud-specific controls, and PII protection.
PCI-DSS Level 1. Applies to the cardholder-data path (Stripe relationship; we never see PAN).
FedRAMP Moderate. Where the underlying AWS service holds it, in the regions we operate in.
Canada Cloud Service Provider Assessment. AWS Canada's published GC-facing assessment, available from AWS account managers under NDA.
These attestations form the inherited-controls baseline we operate on top of. For procurement reviews, we can identify the AWS Artifact reports and inherited-control areas that map into the customer evidence package.
Operated by Northern Inference
The remainder of the ITSG-33 and Cloud Guardrails surface is operated by Northern Inference. The split below is intentionally concrete: controls that are live today, controls being formalized for procurement evidence, and controls that activate with a formal enterprise assessment.
Live
Canadian data residency by default
Tier 3 (managed_canadian_cloud) routes through AWS Bedrock and Azure OpenAI in Canadian regions only. Residency fails closed: a deployment whose underlying region drifts is refused service, not silently rerouted.
Live
Per-request chain of custody
Gateway model responses carry X-NI-Resolved-Region, X-NI-Resolved-Jurisdiction, X-NI-Resolved-Provider, and X-NI-Credential-Source headers. Customer audits can verify where each request was routed.
Live
Opt-in PII substitution
When enabled, names, emails, phone numbers, and identifiers are detected before prompts leave our infrastructure, replaced with realistic fakes, and restored in responses.
Live
Immutable audit trail
State-changing admin actions record to an indefinite-retention audit_logs table with actor, IP, user-agent, category, severity, and full detail. Filterable and exportable.
Live
Network defense in depth
CloudFront in front of every customer-facing endpoint. Origin reachable only from CloudFront IP ranges via iptables and ipset, refreshed daily. SSH key-only. MFA on every IAM principal.
Live
Encryption at rest and in transit
TLS 1.2 minimum on every customer endpoint. RDS, S3, and EBS encrypted with AWS-managed keys. BYOK provider credentials encrypted with Fernet keys held in AWS Secrets Manager.
In progress
System Security Plan
Formal ITSG-33 PBMM control-by-control mapping. Each control is classified as inherited, implemented, shared, planned, or not applicable. Available to procurement teams under NDA as the package matures.
In progress
Policy package
Information Security, Incident Response, Vulnerability Management, Access Control, Change Management, Backup, Cryptography, Supply Chain Risk, Personnel Security, and Acceptable Use policies. Formal review cadence is part of the procurement evidence package.
In progress
AWS Config conformance pack
Planned continuous evaluation of AWS resources against PBMM-aligned rules, including root MFA, CloudTrail coverage, encrypted storage, and public-exposure checks.
In progress
AWS WAF on CloudFront
Managed rule sets covering OWASP, bot control, and IP reputation. CloudFront is already in front of customer-facing endpoints; WAF managed rules are part of the hardening roadmap for Protected B workloads.
Activates with enterprise engagement
Continuous evidence platform
Continuous evidence tooling across cloud, source control, and operational systems. Activated when a formal enterprise assessment requires auditor-ready evidence collection.
Activates with enterprise engagement
Independent penetration test
Independent security testing by a qualified Canadian firm. Scheduled to align with the scope and evidence requirements of the customer assessment.
ITSG-33 and Cloud Guardrails coverage
The ~250 controls in the Protected B Medium Medium Medium baseline break out into four columns when applied to Northern Inference:
Inherited from AWS Canada. Physical security, host OS, hypervisor, and AWS service implementation. Evidence source: AWS Artifact.
Operated by Northern Inference. Identity and access management, audit logging, cryptography for data in transit and at rest, residency enforcement, custody headers, PII protection, and change history.
Shared responsibility. Customer user access, customer-side access reviews, customer-side incident response, and workload-specific operating procedures.
Activated with enterprise assessment. Continuous evidence tooling, independent assessment, and the formal SA&A package for the specific customer deployment.
The 12 Cloud Guardrails
1. Protect root and global admin accounts. Root MFA enforced. No daily use. No static root keys.
2. Manage access. Stealth admin auth via bcrypt and JWT with short access lifetime plus refresh rotation. MFA on IAM principals. Least privilege through AWS Managed Policy attachment.
3. Secure endpoints. TLS 1.2 minimum. Weak ciphers disabled at CloudFront and origin nginx.
4. Enterprise monitoring accounts. For formal enterprise deployments, we can support customer-directed audit and security evidence delivery into an agreed monitoring destination.
5. Data location. Tier 3 enforces Canadian region routing. Tier 4 (provider default) discloses non-Canadian residency on every request via custody headers and is opt-in per request.
6. Protection of data at rest. Encryption with AWS-managed keys today. Customer-managed key support is part of the in-progress hardening work.
7. Protection of data in transit. TLS 1.2+ throughout. No plaintext provider credentials in code or logs.
8. Segment and separate. Production VPC isolated. Customer portal, admin dashboard, and gateway have separate enforcement layers. Blue-green deploys keep configuration auditable.
9. Network security services. CloudFront Shield Standard active. AWS WAF managed rule sets and GuardDuty are part of the in-progress hardening work.
10. Cyber defence services. CloudWatch metric filters and alarms monitor application errors, worker failures, and provider-cost anomalies. Additional threat-intelligence integration can be scoped during enterprise onboarding.
11. Logging and monitoring. Application logs flow to /ni-platform/* log groups and state-changing admin actions record to audit_logs. Immutable log export is part of the in-progress hardening work.
12. Cloud marketplace configuration. Service enablement and account configuration are governed through controlled AWS account administration and change review.
Authority to Operate
Northern Inference does not yet hold an Authority to Operate from any federal department. An ATO is a department's risk acceptance of a specific deployment, not a portable vendor certification, so the assessment is completed with the customer and assessor for the workload in scope.
If your team is evaluating Canadian-residency LLM infrastructure for a Protected B workload, the contact for SA&A engagement is trust@northerninference.ca. We can support a Protected B Medium Medium Medium review with the operational controls already live in production and the formal documentation package in progress.
Available under NDA
AWS Artifact report references and inherited-control mapping guidance.
System Security Plan draft as it matures.
Per-request custody header verification against a test API key.