Quick Links
1 — Federal & VA Readiness
Supports federal security review discussions
Prepared for VA ATO planning conversations
Deployment requirements depend on use case
Hosting requirements may vary by customer
FedRAMP status depends on authorization path
2 — Compliance Status
Not FedRAMP Authorized unless stated
Not VA ATO-approved unless stated
Not certified under a framework unless stated
Requirements depend on data and deployment
Security documentation may support review
3 — Security Approach
Reasonable administrative safeguards
Technical protections for platform access
Secure data handling practices
Security requirements reviewed by deployment
Documentation available for review
4 — Access Control
Authorized users only
Customer-managed user access
Role-based permissions where available
Account activity may be reviewed
Access can be removed when users leave
5 — Data Protection
Customer data remains customer-owned
Limited internal access to customer records
Secure storage and transfer practices
Data handled only for approved purposes
Records protected according to agreement terms
6 — Monitoring & Logging
Platform activity may be logged
Logs may support security review
Issues are investigated when identified
Security events are reviewed as needed
Customers are notified when appropriate
8 — Backup & Recovery
Routine backup practices
Recovery planning for service continuity
Backup retention follows internal cycles
Customer data may be returned or deleted
Additional recovery terms may be agreed separately