Security & Compliance
System Status Report • Updated 2025
Verified
SOC 2 Type 1
CogniSwitch has successfully completed the AICPA Service Organization Control (SOC) 2 Type 1 audit. This independent validation confirms that our security controls are suitably designed to protect customer data.
REPORT_ID: CS-SOC2-2024-Q4
HIPAA Compliant
Our architecture is designed in full accordance with the Health Insurance Portability and Accountability Act (HIPAA). We implement strict administrative, physical, and technical safeguards to ensure the confidentiality of PHI.
STATUS: BAA_READY
Security Controls
Encryption
AES-256 encryption for data at rest and TLS 1.3 for data in transit. All keys managed via AWS KMS.
Access Control
Strict Principle of Least Privilege (PoLP). MFA enforced for all system access. Quarterly access reviews.
Penetration Testing
Annual third-party penetration testing and continuous automated vulnerability scanning.
Data Isolation
Customer data is logically isolated. We do not use customer data to train foundation models without explicit consent.
"We treat compliance not as a checkbox, but as a fundamental engineering constraint. Our system is deterministic by design, making it inherently more auditable and secure than probabilistic alternatives."