Security

Enterprise Security Built for Government

Handling sensitive citizen data requires more than checkboxes. Waymark Lab treats security as a foundational principle — not a feature to be added later.

Our Approach

Security as a Foundation

Government software handles the most sensitive data in people's lives — health records, income information, immigration status, criminal history. We build as if every record matters, because it does.

Our architecture is designed around the principles of least privilege, defense in depth, and continuous monitoring. Every component — from the public-facing form to the caseworker dashboard — is evaluated against government-grade security standards.

We don't offer security as an add-on tier. Every deployment runs on the same hardened infrastructure, with the same access controls, and the same audit logging.

Security Capabilities

Built for Government-Grade Protection

Six core security capabilities that protect citizen data and keep county agencies in compliance.

Role-Based Access Control

Granular permission sets per user role — caseworker, supervisor, read-only, admin. Access is scoped to the minimum necessary for each function. No exceptions.

Encryption at Rest & in Transit

AES-256 encryption for all stored data. TLS 1.3 enforced for all data in transit. Keys managed through Azure Key Vault with automated rotation.

Comprehensive Audit Logging

Every data access, modification, and administrative action is logged with user identity, timestamp, and context. Immutable audit trails for compliance reviews.

Multi-Factor Authentication

MFA required for all staff accounts. Integration with county Active Directory and Azure AD for single sign-on. Phishing-resistant authentication options available.

Network Isolation & Segmentation

Private virtual networks, firewall rules, and zero-trust network architecture. No public endpoints for internal services. All traffic inspected and logged.

Incident Response & Recovery

Documented incident response procedures, 24-hour SLA for critical issues, automated failover, and geo-redundant backups with tested recovery processes.

Compliance Standards

The Standards That Matter for Government

Our platform is built to align with the compliance frameworks required by California county government operations.

HIPAA

Health Insurance Portability and Accountability Act. Required for any platform handling protected health information in Health & Human Services workflows. Our architecture is designed to meet HIPAA technical safeguard requirements.

CJIS

Criminal Justice Information Services Security Policy. Our law enforcement integration capabilities are designed to meet FBI CJIS requirements for data access, transmission, and audit logging.

SOC 2

Service Organization Control 2. Our security controls, availability commitments, and data processing practices are aligned with SOC 2 Type II principles for cloud service providers.

Infrastructure

Built on Microsoft Azure Government Cloud

All Waymark Lab production workloads run exclusively on Microsoft Azure Government — a cloud environment built specifically for U.S. federal, state, and local government. Azure Government provides physical and logical isolation from commercial Azure regions, is operated by screened U.S. persons, and meets FedRAMP High, DoD IL2–IL5, and IRS 1075 requirements. Your citizen data never leaves government-controlled infrastructure.

Security Questions?

We Welcome Security Reviews

Our team is happy to walk your IT security or compliance staff through our architecture, controls, and audit documentation.