Security Audit
Security Posture
Security is foundational, not promotional. Infrastructure is designed for regulated environments. Controls are ongoing and subject to continuous improvement.
Security Controls
Role-Based Access Control
Access scoped by role (Patient, Admin, Employer, Reseller) and organization. Users see only what they're authorized to access.
Tenant Isolation
Employer data is logically isolated via employerId scoping. Cross-tenant access is structurally prevented.
Audit Logging
High-stakes actions are logged with timestamp, actor, and rationale.
Authentication
Authentication provided via Clerk with session validation.
Certification and Attestation Status
Claims are published only when evidence exists. Statuses below are sourced from the trust claim registry.
HIPAA Compliance Certification
Formal HIPAA compliance certification claim.
SOC 2 Type II
Independent SOC 2 Type II attestation.
ISO 27001
ISO/IEC 27001 certification status.
HITRUST CSF Certification
HITRUST certification status.
Third-Party Penetration Testing
Independent penetration testing program.
Procurement Artifacts
Legal and security diligence artifacts are published in the enterprise trust center with explicit version and date metadata.
Open enterprise trust center
Responsible Disclosure
Security concerns should be reported to security@boundedhealth.com. Reports are reviewed promptly. Response timelines depend on severity and scope.