Security at Sulci

We build clinical data infrastructure. Security and compliance are foundational to everything we do.

Encryption

AES-256 encryption at rest, TLS 1.3 in transit. All PHI is encrypted with customer-managed keys available on Enterprise plans.

SOC 2 Type II (In Process)

Currently pursuing SOC 2 Type II certification. Our controls are designed around security, availability, and confidentiality trust service criteria.

HIPAA-Ready Architecture

Platform designed with HIPAA safeguards from day one. Administrative, physical, and technical controls aligned with the HIPAA Security Rule. BAA available.

Infrastructure

Hosted on SOC 2 and ISO 27001 certified cloud infrastructure. VPC isolation, private networking, and no shared tenancy for Enterprise.

Access Controls

Role-based access control (RBAC), SSO via SAML 2.0 and OIDC, multi-factor authentication, and comprehensive audit logging.

Incident Response

24/7 monitoring with automated alerting. Documented incident response plan with defined SLAs for notification and remediation.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly. We appreciate the security research community and will work with you to address any valid findings.

security@sulci.ai

Please wait while we fetch your data