Compliance roadmap
- SOC 2 Type II: In progress, target completion Q4 2026
- ISO 27001: Control framework in implementation
- Customer security questionnaires: Supported
Security & Compliance
Security-first architecture with transparent compliance posture
Built for teams that need hardening depth, audit evidence, and enterprise trust controls.
Read-Only Model
Collection boundaries and control guarantees
Use this matrix to validate how Identrail collects trust data and where write actions are intentionally excluded.
| Control area | What Identrail does | What Identrail does not do |
|---|---|---|
| Identity metadata collection | Read-only API calls for identity, policy, and relationship metadata | No secret material ingestion, no credential writeback |
| Policy simulation | Simulation engine evaluates proposed changes against collected graph state | No direct policy mutation during simulation |
| Remediation workflow | Action plans and exportable recommendations | No automatic enforcement without explicit operator action |
Security program
- Vulnerability disclosure via security.txt
- Third-party penetration testing summary available under NDA
- Secure SDLC with code scanning and dependency management
Data residency
- Hosted SaaS regions: US and EU
- Enterprise private tenancy options
- Self-hosted deployment for full data control
Trust center operations
- Documented incident response runbook
- Encryption in transit and at rest
- Role-based access and least-privilege internal controls