Compliance

Meet regulatory requirements with SOC 2 Type II certification, HIPAA-compliant audit logs, GDPR support, and comprehensive data protection.

Certifications

SOC 2 Type II

Annual third-party security audit

GDPR

EU data protection compliance

HIPAA

Healthcare data compliance ready

ISO 27001

Information security management

Audit Logs

Comprehensive, immutable audit logs for all user and system activities:

Query Audit Logs (bash)
curl "https://api.accessiq.io/v1/audit-logs?start=2024-01-01&end=2024-01-31" \
  -H "Authorization: Bearer YOUR_API_KEY"

# Response
{
  "logs": [
    {
      "id": "log_abc123",
      "timestamp": "2024-01-15T10:30:00Z",
      "actor": {
        "type": "user",
        "id": "user_123",
        "email": "john@acme.com"
      },
      "action": "user.login",
      "resource": {
        "type": "organization",
        "id": "acme-corp"
      },
      "metadata": {
        "ip": "192.168.1.100",
        "userAgent": "Mozilla/5.0...",
        "method": "oidc",
        "idpProvider": "azure-ad"
      },
      "result": "success"
    }
  ],
  "pagination": {
    "total": 15420,
    "page": 1,
    "limit": 100
  }
}

Logged Events

Authentication

  • user.login / user.logout
  • user.login_failed
  • mfa.enabled / mfa.disabled
  • password.changed / password.reset

User Management

  • user.created / user.deleted
  • user.updated / user.suspended
  • role.assigned / role.revoked
  • invitation.sent / invitation.accepted

Organization

  • organization.created / organization.deleted
  • settings.updated
  • idp.configured / idp.removed
  • scim.sync.completed

Security

  • break_glass.requested
  • api_key.created / api_key.revoked
  • session.revoked
  • suspicious_activity.detected
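
The response shape and the event names listed above are enough to drive a first-pass review of exported log entries. The following Python is an added example, not AccessIQ's own code: it flags high-impact actions and successful logins that follow a run of `user.login_failed` events for the same actor. The `triage` function, the `HIGH_RISK` selection, the thresholds, the sample entries and the `"failure"` result value are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Actions from the Logged Events list treated here as worth review (a choice, not a vendor rule).
HIGH_RISK = {"mfa.disabled", "api_key.created", "break_glass.requested", "idp.configured",
             "idp.removed", "role.assigned", "suspicious_activity.detected"}

def _entry(n, ts, email, action, result="success", ip="203.0.113.7"):
    """Build one constructed log entry in the response shape shown above."""
    return {"id": f"log_{n}", "timestamp": ts, "actor": {"type": "user", "email": email},
            "action": action, "metadata": {"ip": ip}, "result": result}

# Constructed sample, deliberately out of order; result="failure" is an assumed value.
SAMPLE = {"logs": [
    _entry(5, "2024-01-15T10:35:00Z", "alice@example.com", "mfa.disabled"),
    _entry(1, "2024-01-15T10:30:00Z", "alice@example.com", "user.login_failed", "failure"),
    _entry(2, "2024-01-15T10:31:00Z", "alice@example.com", "user.login_failed", "failure"),
    _entry(3, "2024-01-15T10:32:00Z", "alice@example.com", "user.login_failed", "failure"),
    _entry(4, "2024-01-15T10:33:00Z", "alice@example.com", "user.login"),
    _entry(6, "2024-01-15T10:36:00Z", "alice@example.com", "api_key.created"),
    _entry(7, "2024-01-15T11:00:00Z", "bob@example.com", "user.login_failed", "failure", "198.51.100.9"),
    _entry(8, "2024-01-15T11:01:00Z", "bob@example.com", "user.login", ip="198.51.100.9"),
]}

def _ts(entry):
    return datetime.fromisoformat(entry["timestamp"].replace("Z", "+00:00"))

def triage(logs, max_failures=3, window=timedelta(minutes=10)):
    """Return (high_risk_events, suspected_guessing) from a list of audit log entries."""
    high_risk, guessing = [], []
    failures = defaultdict(list)  # actor -> timestamps of failed logins since last success
    for entry in sorted(logs, key=_ts):
        actor = entry.get("actor", {}).get("email") or entry.get("actor", {}).get("id", "unknown")
        action, when = entry.get("action"), _ts(entry)
        if action in HIGH_RISK:
            high_risk.append((entry["id"], action, actor))
        if action == "user.login_failed":
            failures[actor].append(when)
        elif action == "user.login" and entry.get("result") == "success":
            recent = [t for t in failures[actor] if when - t <= window]
            if len(recent) >= max_failures:
                guessing.append({"actor": actor, "failed": len(recent), "success_id": entry["id"],
                                 "ip": entry.get("metadata", {}).get("ip")})
            failures[actor].clear()  # a success resets the failure run for this actor
    return high_risk, guessing

if __name__ == "__main__":
    print(triage(SAMPLE["logs"]))
```

When reviewing real exports, concatenate the `logs` arrays from every page before calling `triage`, since a failure run can span a page boundary.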

Data Retention

Configure data retention policies to meet compliance requirements:

Audit Logs

Up to 7 years retention (HIPAA compliant)

User Data

Configurable retention with automatic purge

Data Export

Full data export for GDPR Article 20 compliance

Data Export (GDPR)

Export user data for GDPR data portability requirements:

Request Data Export (bash)
curl -X POST https://api.accessiq.io/v1/data-exports \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "user_123",
    "format": "json",
    "includeAuditLogs": true,
    "notifyUser": true
  }'

# Response
{
  "exportId": "export_abc123",
  "status": "processing",
  "estimatedCompletion": "2024-01-15T11:00:00Z"
}

Data Encryption

Encryption at Rest

AES-256 encryption for all stored data with cloud HSM key management

Encryption in Transit

TLS 1.3 for all API communications with certificate pinning support

Field-Level Encryption

Additional encryption for sensitive PII fields like SSN, passport numbers

Compliance Reports

Contact your account manager to request SOC 2 reports, penetration test results, or other compliance documentation.