Security & Compliance

Security at IntelligentOne

Healthcare demands the highest standard of data protection. Our platform is built HIPAA-first on Microsoft Azure — security is foundational, not bolted on.

Infrastructure Security

  • Microsoft Azure cloud — SOC 2 Type II, HIPAA BAA
  • AES-256 encryption at rest, TLS 1.2+ in transit
  • Azure Key Vault for secrets management (FIPS 140-2 HSMs)
  • Microsoft Defender for Cloud (Standard tier)
  • Network security groups and private endpoints

Access Control

  • Multi-factor authentication mandatory across all systems
  • Role-based access control via Microsoft Entra ID
  • Quarterly access reviews with documented evidence
  • Principle of least privilege enforced organization-wide

Data Protection

  • HIPAA compliant — BAAs with all data processors
  • No ePHI stored in AI models (Azure OpenAI data opt-out enabled)
  • Automated backups with geo-redundancy
  • Data classification: 4 tiers from Public to Restricted/ePHI

Monitoring & Incident Response

  • 24/7 Azure Monitor alerts across all production resources
  • Incident response plan with defined SLAs
  • HIPAA breach notification procedures
  • Activity logging and audit trails (365-day retention)

Compliance

  • HIPAA Security Rule compliant
  • Annual risk assessments
  • Security awareness training for all team members
  • Vendor security reviews with BAA enforcement

Enterprise Security

  • Microsoft Intune managed endpoints with disk encryption
  • Dependabot vulnerability alerts on all repositories
  • Branch protection and required code reviews
  • Confidentiality and NDA obligations for all personnel

Responsible Disclosure

Found a vulnerability? We appreciate your help keeping IntelligentOne and our customers safe.

security@intelligentone.ai

For general inquiries, visit our Support Portal

Trust Center — For compliance documentation, security questionnaires, or BAA requests, contact security@intelligentone.ai