Skip to content
Trust & Compliance Center

Built for regulated industries — secure and compliant by design.

AxiomAim serves healthcare, life sciences, financial services, and security-conscious organizations. This page summarizes our security posture, compliance alignment, and how we handle your data — so your procurement and security teams can get answers without waiting for a call.

Security posture at a glance

Security is how we architect every system. Our founder has spent 25+ years building secure, audited, regulated platforms — including a SaaS solution fully compliant with FDA 21 CFR Part 11.

Encryption in transit & at rest

Data protected with TLS in transit and provider-managed encryption at rest.

Tenant isolation

Per-tenant/per-organization isolation; your data never shares a brain with anyone else's.

Least-privilege access

Role-based access control and least-privilege principles across systems we build.

Auditability

Immutable audit trails and non-repudiable e-signatures delivered in Part 11 systems.

Secrets management

Secrets held in managed vaults; never embedded in client code.

Secure SDLC

Dependency and secret scanning in CI; security review in the development lifecycle.

Compliance matrix

Framework alignment stated in plain language. We use "delivered / supported / aligned / in progress" precisely — we never claim a certification we don't hold.

FrameworkApplies toStatusWhat it means
HIPAA / HITECHHealthcare clients handling PHISupported · BAA on requestOur architecture supports HIPAA-compliant handling of PHI. We execute Business Associate Agreements on qualifying engagements.
FDA 21 CFR Part 11Life-sciences / regulated recordsDeliveredOur founder led delivery of a cloud-native SaaS platform fully compliant with 21 CFR Part 11 — electronic records, non-repudiable e-signatures, immutable audit trails, and RBAC.
GxP (GMP/GLP/GCP)Regulated life-sciences environmentsAlignedEngagements follow good-practice standards for regulated life-sciences work.
SaMD lifecycle (ISO 13485, IEC 62304, ISO 14971)Software as a Medical DeviceSupportedWe apply medical-device software-lifecycle, quality, and risk-management practices to SaMD work.
SOC 2 Type IIEnterprise SaaS buyersIn progressWe are aligning our controls toward a SOC 2 Type II attestation.
ISO/IEC 27001Enterprise / infosec buyersAlignedOur information-security practices align with ISO/IEC 27001 controls.
NIST CSF 2.0Security-conscious buyersAlignedOur security program is organized around the NIST Cybersecurity Framework.
GDPR / UK GDPREU/UK data subjectsAlignedWe honor data-subject rights and process on a lawful basis.
US state privacy lawsUS residentsAlignedWe honor consumer rights to access, delete, correct, and opt out, and provide a Do Not Sell/Share option.
NIST AI RMF 1.0All AI engagementsAlignedOur AI work follows the NIST AI Risk Management Framework — governance, transparency, and human oversight.
ISO/IEC 42001AI management systemAligned / evaluatingWe are aligning AI-management practices with ISO/IEC 42001.
EU AI ActAI touching the EU marketAware / assessedWe assess AI systems for risk classification and consider high-risk obligations where the EU market is in scope.
WCAG 2.2 AA / ADAAll website visitorsAlignedThis site is built to conform to WCAG 2.2 Level AA.

Statements are reviewed for accuracy before publication. BAAs available on qualifying engagements.

Healthcare & PHI

BAAs on request; PHI handling designed around the HIPAA Privacy, Security, and Breach Notification Rules; EHR/EMR and FHIR experience.

AI governance

We follow the NIST AI Risk Management Framework — human oversight, transparency, and bias mitigation across the model lifecycle.

Accessibility

This site is built to conform to WCAG 2.2 Level AA. Found a barrier? Email [email protected].

Security questions or a concern to report?

[email protected] · [email protected] · [email protected] · AXIOMAIM LLC, Atlanta, GA

Frequently asked questions

Is AxiomAim HIPAA compliant, and can it sign a BAA?+

AxiomAim architects systems that support HIPAA-compliant handling of PHI and executes Business Associate Agreements (BAAs) on qualifying engagements.

Does AxiomAim support FDA 21 CFR Part 11?+

Yes. Its founder led delivery of a cloud-native SaaS platform fully compliant with FDA 21 CFR Part 11 — electronic records, non-repudiable e-signatures, immutable audit trails, and role-based access control.

What security frameworks does AxiomAim align with?+

AxiomAim aligns its practices with SOC 2, ISO/IEC 27001, and the NIST Cybersecurity Framework, and follows the NIST AI Risk Management Framework for AI governance.

How does AxiomAim handle data privacy?+

AxiomAim collects the minimum personal data necessary, does not sell personal information, honors data-subject rights (access, deletion, correction, opt-out), and gates non-essential cookies behind consent.