Built for regulated industries — secure and compliant by design.
AxiomAim serves healthcare, life sciences, financial services, and security-conscious organizations. This page summarizes our security posture, compliance alignment, and how we handle your data — so your procurement and security teams can get answers without waiting for a call.
Security posture at a glance
Security is how we architect every system. Our founder has spent 25+ years building secure, audited, regulated platforms — including a SaaS solution fully compliant with FDA 21 CFR Part 11.
Encryption in transit & at rest
Data protected with TLS in transit and provider-managed encryption at rest.
Tenant isolation
Per-tenant/per-organization isolation; your data never shares a brain with anyone else's.
Least-privilege access
Role-based access control and least-privilege principles across systems we build.
Auditability
Immutable audit trails and non-repudiable e-signatures delivered in Part 11 systems.
Secrets management
Secrets held in managed vaults; never embedded in client code.
Secure SDLC
Dependency and secret scanning in CI; security review in the development lifecycle.
Compliance matrix
Framework alignment stated in plain language. We use "delivered / supported / aligned / in progress" precisely — we never claim a certification we don't hold.
| Framework | Applies to | Status | What it means |
|---|---|---|---|
| HIPAA / HITECH | Healthcare clients handling PHI | Supported · BAA on request | Our architecture supports HIPAA-compliant handling of PHI. We execute Business Associate Agreements on qualifying engagements. |
| FDA 21 CFR Part 11 | Life-sciences / regulated records | Delivered | Our founder led delivery of a cloud-native SaaS platform fully compliant with 21 CFR Part 11 — electronic records, non-repudiable e-signatures, immutable audit trails, and RBAC. |
| GxP (GMP/GLP/GCP) | Regulated life-sciences environments | Aligned | Engagements follow good-practice standards for regulated life-sciences work. |
| SaMD lifecycle (ISO 13485, IEC 62304, ISO 14971) | Software as a Medical Device | Supported | We apply medical-device software-lifecycle, quality, and risk-management practices to SaMD work. |
| SOC 2 Type II | Enterprise SaaS buyers | In progress | We are aligning our controls toward a SOC 2 Type II attestation. |
| ISO/IEC 27001 | Enterprise / infosec buyers | Aligned | Our information-security practices align with ISO/IEC 27001 controls. |
| NIST CSF 2.0 | Security-conscious buyers | Aligned | Our security program is organized around the NIST Cybersecurity Framework. |
| GDPR / UK GDPR | EU/UK data subjects | Aligned | We honor data-subject rights and process on a lawful basis. |
| US state privacy laws | US residents | Aligned | We honor consumer rights to access, delete, correct, and opt out, and provide a Do Not Sell/Share option. |
| NIST AI RMF 1.0 | All AI engagements | Aligned | Our AI work follows the NIST AI Risk Management Framework — governance, transparency, and human oversight. |
| ISO/IEC 42001 | AI management system | Aligned / evaluating | We are aligning AI-management practices with ISO/IEC 42001. |
| EU AI Act | AI touching the EU market | Aware / assessed | We assess AI systems for risk classification and consider high-risk obligations where the EU market is in scope. |
| WCAG 2.2 AA / ADA | All website visitors | Aligned | This site is built to conform to WCAG 2.2 Level AA. |
Statements are reviewed for accuracy before publication. BAAs available on qualifying engagements.
Healthcare & PHI
BAAs on request; PHI handling designed around the HIPAA Privacy, Security, and Breach Notification Rules; EHR/EMR and FHIR experience.
AI governance
We follow the NIST AI Risk Management Framework — human oversight, transparency, and bias mitigation across the model lifecycle.
Accessibility
This site is built to conform to WCAG 2.2 Level AA. Found a barrier? Email [email protected].
Security questions or a concern to report?
[email protected] · [email protected] · [email protected] · AXIOMAIM LLC, Atlanta, GA
Frequently asked questions
Is AxiomAim HIPAA compliant, and can it sign a BAA?+
AxiomAim architects systems that support HIPAA-compliant handling of PHI and executes Business Associate Agreements (BAAs) on qualifying engagements.
Does AxiomAim support FDA 21 CFR Part 11?+
Yes. Its founder led delivery of a cloud-native SaaS platform fully compliant with FDA 21 CFR Part 11 — electronic records, non-repudiable e-signatures, immutable audit trails, and role-based access control.
What security frameworks does AxiomAim align with?+
AxiomAim aligns its practices with SOC 2, ISO/IEC 27001, and the NIST Cybersecurity Framework, and follows the NIST AI Risk Management Framework for AI governance.
How does AxiomAim handle data privacy?+
AxiomAim collects the minimum personal data necessary, does not sell personal information, honors data-subject rights (access, deletion, correction, opt-out), and gates non-essential cookies behind consent.