Compliance.
Attested controls. Aligned frameworks. The proof teams need to ship into regulated industries — kept current, kept on file, sent on request.
Independent audit covering security, availability, and confidentiality.
Administrative, technical, and physical safeguards for protected health information.
Data processing addendum, SCCs, and rights workflows on every plan.
A report, not a promise.
AuraOne maintains a SOC 2 Type II report covering security, availability, and confidentiality. The audit window is twelve rolling months, refreshed annually by an AICPA-registered firm.
The report is shared under NDA during procurement, alongside the controls matrix, deployment considerations, and the most recent penetration test summary.
- Security, availability, confidentiality
- Logical and physical access controls
- Change management and code review
- Vendor and subprocessor oversight
- Auditor letter and bridge letter
- Controls matrix mapped to CC1–CC9
- Pen test summary and remediation status
- Subprocessor list and incident history
Protected health information, handled in kind.
AuraOne supports HIPAA-oriented workflows for teams handling protected health information. Administrative, technical, and physical safeguards are configured to the requirements of the Security Rule, with evidence capture aligned to the Privacy Rule.
A Business Associate Agreement is executed during procurement when applicable. Audit logging, encryption in transit and at rest, and minimum-necessary access controls are in place for every covered workload.
- AES-256 encryption at rest, TLS 1.2+ in transit
- Role-based access with least privilege
- Audit logs retained for six years
- Workforce training and sanction policy
- BAA executed at procurement
- Breach notification within 60 days
- Risk analysis and management reviews
- Sub-BAAs with downstream subprocessors
The DPA is signed before you ask.
AuraOne operates as a data processor under the General Data Protection Regulation. A Data Processing Addendum incorporating the European Commission's Standard Contractual Clauses is available on every plan and is executed alongside the master agreement.
Data subject rights workflows — access, rectification, erasure, and portability — are surfaced as platform features so customer controllers can respond within statutory deadlines without bespoke engineering work.
- DPA with SCCs (2021 modules)
- Controller / processor roles defined
- Purpose limitation and minimization
- Records of processing activities
- Subject access request workflow
- Erasure and rectification tooling
- Data portability in standard formats
- EU-hosted region on request
The audit pack, on request.
Procurement reviews, security questionnaires, BAA discussions, and DPA addenda. One contact. Same business day.