Trust Center

Security is Not a Feature — It's the Architecture

Every layer of DevOps AI is built with security-first principles. From zero-trust networking to human-in-the-loop AI controls, your data and operations are protected by design.

Compliance & Certifications

Industry-recognized certifications that validate our commitment to protecting your data.

SOC 2 Type II

Annual audit covering security, availability, processing integrity, confidentiality, and privacy trust service criteria. Verified by independent third-party auditors.

Certified

HIPAA

Full HIPAA compliance for healthcare MSPs. Business Associate Agreements (BAAs) available. PHI safeguards at every data layer.

Compliant

CMMC

Cybersecurity Maturity Model Certification alignment for defense and government MSPs. Controls mapped to NIST SP 800-171.

Aligned

FedRAMP

Federal Risk and Authorization Management Program compliance in progress. Targeting authorization for government cloud deployments.

In Progress

Zero-Trust Architecture

Every request is verified. Every connection is encrypted. Every access is logged.

Zero-Trust Networking

No implicit trust. Every request — internal or external — is authenticated, authorized, and encrypted before access is granted. Microsegmentation isolates every service boundary.

Encryption Everywhere

AES-256 encryption at rest. TLS 1.3 in transit. All secrets managed through Azure Key Vault with hardware security modules (HSMs). Zero plaintext storage.

Network Isolation

Each tenant operates in its own Azure Virtual Network with private endpoints. No shared network paths between MSP environments. Full VNET peering controls.

Identity & Access

Azure Entra ID and Google OIDC integration. Role-based access control (RBAC) at every layer. Conditional access policies. MFA enforced by default for all operator roles.

Threat Detection

Real-time anomaly detection. Azure Sentinel integration for SIEM. Automated incident response playbooks. Continuous vulnerability scanning across all platform components.

Audit Logging

Immutable audit trails for every action. Centralized log aggregation with tamper-proof storage. Configurable retention policies meeting compliance requirements.

Data Sovereignty

Your Data. Your Region. Your Rules.

DevOps AI runs entirely within your chosen Azure region. No data leaves your geography without explicit configuration. Full sovereignty by default.

  • Azure region selection during deployment
  • Data residency guarantees — stays in your Azure tenant
  • GDPR, CCPA, and regional privacy law compliance
  • Customer-managed encryption keys (BYOK)
  • Full data export and portability on request

US East, US West, US Central, EU West, EU North, UK South, Canada Central, Australia East

Available Azure Regions — Deploy where your data must reside

Human-in-the-Loop Controls

AI recommends. Humans decide. Every AI action has a human override, an audit trail, and configurable approval workflows.

Human Override

Every AI-generated action can be overridden by an authorized operator. No autonomous execution without explicit human approval for high-impact operations.

Approval Workflows

Configurable multi-stage approval chains. Route critical AI recommendations through manager approval, change advisory boards, or client authorization before execution.

Audit Trail

Complete chain of custody for every AI decision. See what the AI recommended, who approved it, when it executed, and what the outcome was — all in one immutable log.

Responsible AI

AI You Can Trust and Explain

Our AI governance framework ensures that every model, every inference, and every recommendation is transparent, explainable, and aligned with your organizational policies.

  • Bias monitoring across all AI models
  • Model governance with version control and rollback
  • Explainability — see why AI made each recommendation
  • Configurable confidence thresholds per zone
  • Regular third-party AI ethics audits

Model Input

Ticket data, context, history

AI Inference

Recommendation generated with explanation

Human Review

Approve, modify, or reject

Execution + Audit

Action logged with full chain of custody

Trust Center

Detailed compliance documentation for each framework we support.

SOC 2 Type II — Security, Availability & Confidentiality

Our SOC 2 Type II report covers a 12-month observation period and is audited annually by an independent CPA firm. The report evaluates our controls across five trust service criteria:

  • Security: System protected against unauthorized access (physical and logical).
  • Availability: System available for operation and use as committed.
  • Processing Integrity: System processing is complete, valid, accurate, and authorized.
  • Confidentiality: Information designated as confidential is protected as committed.
  • Privacy: Personal information collected, used, retained, and disclosed in conformity with commitments.

Request our latest SOC 2 report under NDA by contacting security@rain.tech.

HIPAA — Healthcare Data Protection

DevOps AI maintains full HIPAA compliance for MSPs serving healthcare organizations. Our controls include:

  • Administrative Safeguards: Security management processes, workforce training, and contingency planning.
  • Physical Safeguards: Azure data center controls, facility access restrictions, and device media controls.
  • Technical Safeguards: Access controls, audit logging, integrity controls, and transmission security.
  • BAA Available: We execute Business Associate Agreements with all healthcare MSP customers.

CMMC — Cybersecurity Maturity Model Certification

DevOps AI is aligned with CMMC Level 2 requirements, mapping to the 110 security controls in NIST SP 800-171. Key areas include:

  • Access Control: Role-based access with MFA, session management, and least privilege enforcement.
  • Incident Response: Automated detection, containment, and reporting capabilities.
  • System & Communications Protection: Boundary protection, encrypted communications, and network segmentation.
  • Audit & Accountability: Comprehensive logging, tamper-proof audit trails, and alerting.

FedRAMP — Federal Authorization (In Progress)

We are actively pursuing FedRAMP Moderate authorization for our Azure Government Cloud deployment. Current progress:

  • System Security Plan (SSP): Completed and under review.
  • Security Assessment: Third-party assessment organization (3PAO) engaged.
  • Continuous Monitoring: ConMon program implemented with monthly vulnerability scanning.
  • POA&M: Plan of action and milestones tracking all remediation items.

Expected authorization timeline available upon request.

GDPR & International Privacy

DevOps AI supports international privacy regulations through comprehensive data protection measures:

  • Data Processing Agreements: Standard contractual clauses for cross-border data transfers.
  • Right to Erasure: Automated tooling for GDPR Article 17 deletion requests.
  • Data Portability: Full export of tenant data in standard formats.
  • Privacy by Design: Data minimization, purpose limitation, and storage limitation built into the platform.

Penetration Testing & Vulnerability Management

Continuous security testing ensures vulnerabilities are identified and remediated before they can be exploited:

  • Annual Penetration Testing: Conducted by independent third-party security firms.
  • Continuous Scanning: Automated vulnerability scanning of infrastructure, dependencies, and application code.
  • Bug Bounty: Responsible disclosure program for security researchers.
  • Patch Management: Critical vulnerabilities are patched within 24 hours, and high-severity vulnerabilities within 72 hours.

Report a Security Concern

We take every security report seriously. Use the form below or email us directly.

Prefer email? Reach us at security@rain.tech
For encrypted communication, use our PGP key.

Ready to See Security in Action?

Schedule a security-focused demo to walk through our architecture, compliance controls, and trust center.