Enterprise Security by Design
WaiverPRO is built on a security-first architecture — with hardened infrastructure, strict access controls, and full compliance alignment from day one.
Six Layers of Protection
From identity to infrastructure, every layer is hardened, monitored, and independently verified.
Role-Based Access Control
Granular permissions at the user, group, and program level. Define who can submit, review, approve, configure, and report — with inheritance and custom overrides.
Identity & Authentication
Native SSO via SAML 2.0 and OpenID Connect. Multi-factor authentication enforced organization-wide. Session management with configurable timeouts and concurrent session limits.
Data Encryption
All data encrypted at rest using AES-256 and in transit via TLS 1.3. Customer data is logically isolated within multi-tenant infrastructure. Key rotation managed automatically.
Audit & Monitoring
Every action is logged with immutable timestamps, actor identity, and IP address. Real-time anomaly detection for unusual access patterns. Exportable logs for SIEM integration.
Tamper-Evident Records
Waiver records use cryptographic hashing to detect any unauthorized modification. Audit trails cannot be altered or deleted by any user, including administrators.
Disaster Recovery
Geographically distributed backups with point-in-time recovery. RPO under 1 hour and RTO under 4 hours for critical data. Quarterly recovery drills verified by third parties.
Certifications You Can Verify. Infrastructure You Can Trust.
FedRAMP
Controls mapped to FedRAMP Moderate baseline. Third-party assessment organization (3PAO) validation in progress.
SOC 2 Type II
Annual Type II audit by an independent CPA firm covering security, availability, and confidentiality trust criteria.
NIST 800-53
All relevant security and privacy controls mapped to Rev. 5. Available for federal and defense-adjacent organizations.
HIPAA
Business Associate Agreements (BAAs) available. PHI handling controls, access logging, and breach notification procedures in place.
StateRAMP
Mapped to StateRAMP security requirements for state and local government procurement eligibility.
ISO 27001
ISMS implementation underway with target certification in Q4 2025. Internal audits complete.
Infrastructure & Operations
Microsoft Azure US
Primary hosting in Azure US regions with region-pair failover.
Dedicated Compute
No shared compute pools for production workloads. Container isolation enforced.
DDoS Protection
Azure DDoS Standard + CDN-level rate limiting. 99.99% uptime SLA.
Key Management
Azure Key Vault with HSM-backed keys. Customer-managed key option available.
Security Question? We Will Answer It.
Our security team is available for vendor security assessments, custom questionnaire completion, and on-call reviews with your InfoSec team.
Security questionnaire (VSAQ/SIG) responses available under NDA