Compliance & Trust

Built around the rules that govern legal, medical, and financial practice.

Compliance is not a checklist. It is the architecture. Below is our current posture, certifications in flight, and how we handle data.

  • 0 incidents since founding
  • 4 industry compliance regimes
  • 7 years audit log retention

Current Posture

Five regimes. One operating posture.

SOC 2 Type II

In Progress

Audit firm engaged Q1 2026, expected Q3 2026.

HIPAA

Active Since Founding

BAA executed before any data flows.

ABA Op. 512

Compliant

UPL indemnification in every legal MSA.

ISO 27001

Aligned

Controls mapped, certification roadmap 2027.

Cyber + E&O

Active

$5M cyber liability, $3M E&O, renewed annually.

By Industry

Different rules. Same architecture.

Legal

PI and AmLaw practices

Reviewed against ABA Model Rules and state UPL doctrine.

  • ABA Op. 512 compliant
  • UPL indemnification in every MSA
  • Attorney review built into every workflow
  • MSA template available on request
Healthcare

Health systems, MSOs, telehealth

PHI handling treated as a compliance regime, not a feature flag.

  • HIPAA active since founding
  • BAA executed before any data flows
  • PHI handling segmented from non-PHI workflows
  • Audit log retained 7 years
Financial Services

RIAs, banks, wealth practices

Content is reviewed before it leaves the building, not after.

  • FINRA-aware content review
  • SOC 2 Type II underway
  • Audit trail per advisor-facing piece
  • Retention compliant with regulatory requirements
Cross-Industry

Applies to every engagement

The controls underneath every practice we run.

  • ISO 27001 aligned
  • $5M cyber liability + $3M E&O
  • SSO + MFA on every internal system
  • Vendor risk assessments per subprocessor
Document Library

Available on request.
Signed within 48 hours.

Email compliance@famaash.com or use the contact form. Most requests are turned around the same business day.

Data Handling

How your data flows through Famaash.

01 Ingress

  • Encrypted in transit (TLS 1.3)
  • Authenticated at every boundary
  • Logged with timestamp and source
02 Storage

  • Encrypted at rest (AES-256)
  • Segmented by client tenant
  • Retained per regulatory requirements
03 Access

  • SSO + MFA on every system
  • Role-based, least-privilege
  • Quarterly access review
Need Something We Haven't Published?

Email compliance@famaash.com.
Most requests answered same-day.

NDA-first when needed. Real person on the other end. Always.