Security · Privacy · Compliance
The controls your privacy officer, CISO and procurement team need.
We design for audit on day one. Every engagement ships with documented controls, mapped to the frameworks your stakeholders already use.
Security controls
Encryption
TLS 1.2+ in transit, AES-256 at rest, customer-managed keys where required.
Data residency
Workloads deployed to Canadian regions (Canada Central / East) by default.
Auditability
Immutable audit logs, access reviews, and consent ledgers for PHI workloads.
Privacy by design
Data minimization, role-based access, retention policies, and PIA-ready documentation.
Secure SDLC
Threat modelling, SAST/DAST, dependency scanning and secret detection in CI.
Roadmap
SOC 2 Type II and ISO 27001 readiness in active development.
Standards we align to
- PHIPA (Personal Health Information Protection Act, Ontario)
- PIPEDA (federal)
- HIPAA / HITECH alignment for US-facing programs
- WCAG 2.1 AA / AODA accessibility
- OWASP ASVS Level 2 baseline
- NIST CSF mapping for risk reporting
Insurance & coverage
Farmasoft Inc. carries active Technology E&O, Cyber and Commercial General Liability coverage. Certificates of insurance are available to qualified buyers on request.
- Technology E&O: Active — limits available on request
- Cyber liability: Active — 24/7 incident response retainer
- Commercial General Liability: Active — $2M per occurrence
- Territorial scope: Worldwide
- Certificates: COI issued to qualified buyers on request
Specific carrier, broker and policy details are shared under NDA with procurement teams.