All data is encrypted using AES-256 at rest. Data in transit is protected via TLS 1.2 or higher. Cryptographic implementations align with FIPS 140-2 validated modules.
Each customer environment is logically separated. Network segmentation, dedicated storage accounts, and isolated compute resources prevent any cross-tenant data access.
All data is stored and processed within the United States. For Azure Government and self-hosted deployments, data remains within the specified compliance boundary.
For cloud-hosted AI services (Azure OpenAI, Gemini on Vertex, Anthropic), we use API configurations where customer prompts and responses are not retained or used for model training.
We configure all AI service API endpoints with zero data retention policies. Customer prompts and AI responses are processed in real time and are not stored, logged, or used for model training by AI service providers.
We support integration with enterprise identity providers, including Microsoft Entra ID (Azure AD) through OIDC, Okta, and other SAML 2.0-compliant systems. Multi-factor authentication is required for all user access.
Procurement Sciences personnel access to customer environments is restricted and logged. Access reviews are conducted on a regular, documented schedule.
We conduct regular vulnerability scanning of infrastructure and applications. Third-party penetration testing is performed annually, with an executive summary available upon request.
Commercial Cloud / Government Cloud
Comprehensive audit logs capture user activity, data access, API interactions, and administrative actions. Logs are retained per customer requirements and are available upon request.
Fully isolated on portable hardware
We maintain a documented incident response plan. Customers are notified of confirmed security incidents affecting their data within 72 hours of discovery, or sooner if required by contract.
Corporate Private Cloud / Direct to server