Compliance dashboard
Where we stand on the frameworks that matter.
Every card below reflects our live compliance posture. We update this page within 30 days of any material change.
Our SOC 2 Type II audit is currently underway with an independent third-party auditor. The audit covers the Trust Services Criteria: Security, Availability, and Confidentiality. Expected completion Q3 2026. Existing customers may request a copy of our interim controls narrative at any time.
A Business Associate Agreement (BAA) is available for all clients who transmit, store, or process Protected Health Information (PHI) through our managed services or AiT products. BAAs are executed at contract time. For AiT Hosted Agents API customers, a white-glove BAA with legal review is included on Professional and Enterprise tiers.
Our data handling practices, sub-processor agreements, and data processing addenda (DPAs) align with GDPR requirements. All personal data of EU residents is handled under Standard Contractual Clauses (SCCs). We maintain a current sub-processor list and provide DPAs on request for clients with EU data subjects.
ISO 27001 certification is on our 2027 roadmap. Our current information security management practices are aligned with ISO 27001 Annex A controls, and we are building the formal ISMS documentation required for certification. Enterprise clients who require ISO 27001 today may request our current ISMS evidence pack for review.
SLA commitments
What we commit to, in writing.
All commitments below apply to Managed IT and AiT product clients. Specific SLAs are incorporated into your service agreement.
| Commitment | Target | Scope | Measurement window |
|---|---|---|---|
|
Platform uptime
All AiT product infrastructure
|
99.9% | AiT Hosted Agents, AiTLLM, AiTBMS, AiTCRM | Rolling 30-day calendar month |
|
API p95 response latency
95th-percentile end-to-end
|
<200ms | REST API endpoints (non-LLM inference calls) | Rolling 7-day window |
|
Critical incident response
P1 incidents — service outage or data exposure
|
<4 hours | All tiers; escalation path defined in SOW | Time from first detection to initial response |
|
Infrastructure monitoring
Uptime, anomaly, and threat detection
|
24/7 | All managed and AiT product infrastructure | Continuous — no maintenance windows |
|
Helpdesk first response
Managed IT helpdesk tickets
|
2 minutes | Managed IT clients (phone / chat channel) | Business hours and after-hours for P1 |
* SLA credits apply to Professional and Enterprise tiers per your service agreement. Starter tier targets are best-effort. Full SLA terms are in your MSA.
Audit history
Recent security and compliance events.
A summary of our five most recent external assessments, scans, and reviews. Detailed reports are available to qualifying clients under NDA.
-
No critical findings
External penetration test
April 2026 — Third-party offensive security firm
-
In progress
SOC 2 Type II audit (in progress)
March 2026 — Independent CPA firm, observation period active
-
Passed
HIPAA risk assessment
January 2026 — Annual HIPAA security rule compliance review
-
0 critical CVEs
Dependency vulnerability scan
November 2025 — Automated SBOM and dependency audit across all AiT product repos
-
99.97% uptime
Infrastructure uptime review
October 2025 — Annual review of GCP uptime, incident response, and SLA adherence
Questions about our security posture?
Our compliance team answers questionnaires, provides evidence packs, and walks prospects through our controls. No slide deck — just direct answers.
Schedule a callPage as of 2026-05-18. Compliance posture reflects current controls; certifications in progress are subject to audit completion. © Intelligent Group (DBA Intelligent iT) · intelligentit.io