v2.4.0 | Report Errata
docs security docs security

Training datasets often contain the most sensitive data in the ML pipeline. Access is restricted by the security team to authorised data engineers and model developers, with access logged and reviewed. Training data is encrypted at rest and in transit. Where training data includes personal data, the encryption key management aligns with the GDPR retention and deletion requirements documented in the data governance section.

Immutable audit logs record every access to training data, enabling the organisation to demonstrate that data handling complied with the documented governance framework. The audit trail captures read, write, and delete events with the user identity, timestamp, and scope of access. This audit trail is essential both for data poisoning detection and for GDPR accountability.

The training data security controls are documented jointly in Module 4 (data governance) and Module 9 (cybersecurity). The security team conducts quarterly access reviews to confirm that only currently authorised personnel have access, and that access permissions are proportionate to each person’s role.

Key outputs

  • Access controls restricting training data to authorised personnel
  • Encryption at rest and in transit
  • Immutable access audit trail
  • Module 4 and Module 9 AISDP documentation
On This Page