Compliance Roadmap
Xolvara compliance:

In place today: PCI-DSS SAQ-A, TLS 1.2+, tenant isolation, admin email OTP 2FA, immutable audit logs.

In active build: HIPAA program (administrative safeguards, BAA execution with subprocessors, risk analysis, breach notification SOP, workforce training).

Planned: SOC 2 Type I following HIPAA attestation, SOC 2 Type II observation window after Type I, annual external pentest.