Compliance and governance

Union.ai maintains industry-recognized certifications and aligns its security practices with established frameworks. The platform’s architecture (with strict data residency, tenant isolation, and control plane / data plane separation) inherently supports compliance requirements across regulated industries. This section covers certifications, regulatory alignment, organizational security practices, and vulnerability management.

This section covers:

• Certifications and Trust Center: Summary of all certifications, SOC 2 Type II detail, and the Trust Center.
• HIPAA compliance: How Union.ai supports HIPAA requirements for Protected Health Information.
• GDPR alignment: Data residency and the EU-region deployment model.
• Standards compliance: ISO 27001 and CIS benchmark control mappings.
• Shared responsibility model: Responsibility allocation for self-managed and BYOC deployments.
• Organizational security: Employee security lifecycle, governance controls, and the security development lifecycle.
• Vulnerability management: Vulnerability assessment, patch management, incident response, and third-party dependency risk.