Trust & Safety Portal

Security, privacy, and compliance transparency.

ComplianceAide protects customer evidence, assessments, generated artifacts, and portal workspaces with a security program built around clear data boundaries, Azure-hosted infrastructure, and evidence-cited AI controls.

  • Azure-hosted
  • TLS 1.2+
  • No public-model training
  • Human-approved outputs

Overview

A central trust resource for buyers, security teams, and government procurement.

Use this page to understand ComplianceAide's operating boundaries, framework alignment, customer data handling, and security-response practices before procurement or vendor review.

Platform scope

Portal workspaces and assessments

Trust information covers MSP portal access, customer workspaces, assessments, evidence handling, generated artifacts, and related services.

Evidence boundary

Your evidence stays yours

Customer content is used to provide requested services and is not shared across customers or used to train public foundation models.

Control posture

Documented security program

The program is reviewed against recognized frameworks and updated as the platform, AI workflows, and customer obligations evolve.

Certifications & Framework Readiness

Framework-aware trust signals without overclaiming certification.

These are the public alignment and readiness areas ComplianceAide is tracking for buyers. Formal third-party certification or assessment status is called out only when applicable.

Cybersecurity Framework

NIST CSF 2.0

Security-program alignment and buyer-facing control posture mapped to Govern, Identify, Protect, Detect, Respond, and Recover.

Aligned

Baseline security

Cyber Essentials

Operational alignment around practical protections for access, devices, network exposure, malware defense, and secure configuration.

Tracked

Security controls

NIST SP 800-53 Rev. 5

Control-mapping reference for enterprise security, privacy, and assessment narratives across customer-facing trust materials.

Mapped

AI management

ISO/IEC 42001

AI management-system readiness paired with NIST AI RMF thinking for governed, human-approved AI compliance workflows.

Tracked

Defense readiness

CMMC Level 2

Readiness support is available for CMMC Level 2 workflows. Formal assessment or authorization status is pending.

Pending

Data Use

Customer content is used to provide the requested service.

ComplianceAide limits retention and use of submitted prompts, responses, policies, assessments, evidence, and generated work product.

Customer data handling

Operational-use boundary

  • Customer content is not used to train public foundation models.
  • Customer content is not shared with other customers.
  • Trusted cloud and AI providers are governed by provider agreements, security controls, and configured service settings.
  • Retention is limited to the operational period needed for service delivery, troubleshooting, security, and compliance obligations unless a customer agreement or legal requirement says otherwise.

Security Program

Azure-hosted, least-privilege, and designed for evidence-sensitive workflows.

ComplianceAide combines platform isolation, secure provider configuration, internal access controls, and monitored infrastructure for customer-facing compliance operations.

Hosting

Microsoft Azure

Services and data are primarily hosted on Microsoft Azure, with selected external providers used for specialized platform tasks.

Encryption

Transport and storage protections

ComplianceAide uses TLS for data in transit, performs regular backups, and limits customer-content retention based on operational and legal needs.

Access

Least privilege and MFA

Internal privileges follow least-privilege principles, critical security events are logged, and credentials are protected with strong policies and MFA.

Endpoint Security

Managed endpoint controls

Employee endpoints and cloud infrastructure instances use disk encryption. Corporate devices run endpoint detection and response tooling, and centralized management helps enforce consistent policies.

Network Security

Layered traffic and detection controls

Firewalls and network policies help regulate traffic. Network activity is centrally logged, with detection logic used to identify anomalies and potential threats.

Incident Response & Continuity

Prepared response, recovery, and vulnerability management.

ComplianceAide maintains incident-response, vulnerability-management, and business-continuity practices for platform resilience.

Incident response

Formal response plan

Security events are identified, contained, escalated, and remediated through a documented incident-response process.

Vulnerability management

Scanning and patching

Infrastructure and applications are continuously scanned, independent testing is used where appropriate, and critical patches are handled on an expedited schedule.

Disaster recovery

Geo-redundancy minded

Recovery objectives are reviewed as platform capabilities and customer obligations evolve, with periodic disaster recovery exercises.

Responsible Disclosure

Found a potential vulnerability?

ComplianceAide welcomes responsible reports from the security community and investigates valid submissions for appropriate remediation.