SHEET 01Security & TrustGOVERNED

Autonomous action requires trust. Trust requires visibility and control.

assistents.ai is built for environments where governance, compliance, and explainability are hard requirements.

Request security review Governance architecture

SOC 2 Type II
GDPR
ISO 27001
HIPAA-Ready
Full Audit Trails

4Compliance certifications

47Active security controls

100%Agent actions logged

<200msPolicy evaluation latency

SHEET 02Compliance PostureAUDITED

Independently verified. Continuously monitored.

Every certification backed by operational controls, independent audits, and exportable evidence for your compliance teams.

Spec noteCompliance posture

The operational readiness of an AI platform to meet regulatory and industry security requirements: demonstrated through active controls, independent audits, and exportable evidence.

Frameworks 4Controls 47 activeEvidence Export-ready

FrameworkStandardScopeEvidenceStatus

SOC 2 Type IIAICPA TSCSecurity, availability, confidentialityReadyCertified

GDPREU 2016/679Data residency, consent, right-to-deletionReadyCompliant

ISO 27001ISO/IEC 27001ISMS, risk management, incident responseReadyAligned

HIPAA45 CFR 164PHI safeguards, BAA availabilityReadyCapable

SHEET 03Control DomainsDOM-01..05

Security controls across five domains

Compliance, data protection, identity, network, and audit. Each domain enforces its own controls within a single governance model.

DOM-01

Certifications & Compliance

Aligned with major enterprise assurance frameworks and control expectations.

SOC 2 Type II. Independent verification that security and confidentiality controls operate effectively over time.
GDPR Compliant. Data subject rights, lawful processing, minimization, and transfer protections built into operations.
ISO 27001 Aligned. Information security management aligned to risk, access, incident response, and continuous improvement standards.
HIPAA-Ready. Supports PHI handling safeguards and healthcare deployment requirements including BAA availability.

DOM-02

Data Protection

Data controls span encryption, tenancy isolation, model policy, and residency boundaries.

Encryption at Rest. Data is encrypted at rest using strong industry-standard encryption controls.
Encryption in Transit. All system communication is encrypted in transit with modern protocol standards.
Customer Data Isolation. Tenant boundaries and segmentation controls isolate customer environments.
No Training on Customer Data. Customer data is not used to train foundation models.
Data Residency Options. Regional data placement options support jurisdiction-specific requirements.

DOM-03

Identity & Access Management

Identity posture is enforced across users, agents, and action scopes.

Single Sign-On (SAML 2.0, OIDC, Azure AD, Okta)
Multi-Factor Authentication
Role-Based Access Control
Granular data, agent, and action permissions

DOM-04

Network Security

Infrastructure boundaries are designed for controlled exposure and network hardening.

VPC isolation
Private endpoints
DDoS protection
Web Application Firewall (WAF)
IP allowlisting

DOM-05

Audit & Explainability

Every decision and action can be traced with source and policy evidence.

Complete Audit Logs. Records what happened, when, why, what data was used, and who approved.
Natural Language Explanations. Decision rationale is available in plain language for operational stakeholders.
Rule Citations. Each decision ties directly to the specific rule or policy applied.
Export-Ready Documentation. Compliance and evidence outputs can be exported for audit workflows.
Real-Time Monitoring. Operational and governance posture can be monitored continuously.

SHEET 04Trust ArchitectureDEFENSE-IN-DEPTH

Defense-in-depth from network edge to agent runtime

Every layer enforces its own controls independently. No single point of failure. Full verification at every boundary.

Four independent layers of security enforcement. Each verifies independently, so there is no single point of failure.

Network perimeter stops unauthorized access. Application layer verifies identity and permissions. Data layer encrypts and isolates. Agent runtime operates within governed boundaries.

Explore architecture

All layers independently verified

SHEET 05Security ArchitectureENFORCED

Every request passes through layered enforcement

No shortcuts. No bypasses. Full audit at every step.

Enforcement pipelineActive

01Request Received

Incoming API call

02Auth Verify

OAuth 2.0 + MFA

03RBAC Check

Role permissions

04Policy Eval

Business rules

05Audit + Execute

Log then act

Enforced

Encryption

AES-256 at rest, TLS 1.3 in transit. Key rotation automated.

Enforced

Access Control

OAuth 2.0 + SSO, MFA, RBAC, IP allowlisting.

Enforced

Audit Logging

Immutable logs with full decision context. SIEM integration.

Verified

Compliance

SOC 2 Type II, GDPR, HIPAA, ISO 27001 aligned.

47Active controls

99.99%Uptime SLA

ZeroSecurity breaches

4Certifications

SHEET 06Deployment FlexibilityCLOUD / ONPREM / HYBRID

Your infrastructure, your terms

The same governance model runs across all deployment modes. Security posture is consistent regardless of where workloads execute.

cloud

Cloud-Managed

Fully managed by assistents. SOC 2 certified infrastructure with auto-scaling and managed updates.

SOC 2 certified infra
Auto-scaling
Managed updates
99.99% uptime SLA

onprem

On-Premise

Deployed within your data center or private cloud. Full data sovereignty and air-gapped options.

Your data center
Air-gapped option
Custom key management
Full audit control

hybrid

Hybrid Architecture

Split workloads across managed cloud and your controlled infrastructure. Single governance plane.

Flexible topology
Unified governance
Cross-boundary sync
Single control plane

SHEET 07Sign-offREADY

Run a security deep dive with your governance stakeholders

We can review control mappings, evidence outputs, and deployment boundaries against your internal security and compliance requirements.

Schedule security session Governance architecture

Scope: Security & Trust · Enterprise governance
Frameworks: SOC 2 · GDPR · ISO 27001 · HIPAA
Controls: 47 active · Export-ready evidence
Sheet: 07 of 07 · Security

Review your security posture

Walk through control mappings and evidence outputs against your compliance requirements.

Schedule security session

Explore governance architecture

See how RBAC, audit logging, and the Semantic Governor enforce policy at every layer.

View architecture