    Security & Trust

    Enterprise AI. Governed.

    iTmethods is the trust layer for enterprise AI. This page documents the security posture across Reign, the AI Governance Platform, and Forge, Managed Runtime + Modern DevOps. Reign for Life Sciences extends the same evidence model into FDA, EMA, and HIPAA scope.

    Certifications & frameworks

    One architecture. Many regulators.

    Forge maintains SOC 2 Type II audit posture continuously. Reign produces regulator-grade evidence mapped to global frameworks. Reign for Life Sciences extends the same evidence model into FDA, EMA, and HIPAA scope.

    SOC 2 Type II (Forge)

    Certified

    Audit posture maintained continuously since 2018.

    ISO 27001 (Cloud Practice)

    Audit posture

    Aligned to the iTmethods cloud-practice audit posture across customer-cloud and managed-runtime engagements.

    HIPAA (Reign for Life Sciences · Reign)

    Evidence-ready

    Reign for Life Sciences deployments and Reign Audit Ledger produce HIPAA-aligned artifacts.

    FedRAMP (Reign)

    Evidence-ready

    Reign produces evidence aligned to FedRAMP Moderate/High control families.

    EU AI Act (Reign)

    Evidence-ready

    Reign Assurance Packs map to AI Act Article 9, 10, 12, 14, 15 obligations.

    DORA (Reign · Forge)

    Evidence-ready

    Third-party ICT risk evidence and incident reporting mapped to DORA articles.

    FINOS AIGF v2.0 (Reign)

    Evidence-ready

    Reign is aligned to FINOS AI Governance Framework v2.0, including the new agentic AI risk categories. Coverage scope is documented per engagement.

    21 CFR Part 11 (Reign for Life Sciences)

    Evidence-ready

    GxP validation and electronic records aligned to FDA 21 CFR Part 11.

    Data practices

    Encryption. Isolation. Evidence.

    The architectural choices regulated enterprises actually need a vendor to be specific about.

    Encryption in transit

    TLS 1.3 with HSTS preload across itmethods.com and all subdomains. No mixed content. Certificate transparency monitored.

    Encryption at rest

    AES-256 across managed infrastructure. Customer-managed keys (BYOK) supported in Forge and Reign for Life Sciences single-tenant deployments.

    Tenant isolation

    Reign and Reign for Life Sciences deploy single-tenant by default. Forge supports both managed multi-tenant and dedicated single-tenant operating models.

    Evidence by design

    Reign's Audit Ledger produces tamper-resistant, identity-attributed audit artifacts continuously, not as an end-of-quarter compliance ritual.

    Security headers

    What we send on every response.

    Defense in depth on the marketing surface. Verifiable from any browser dev-tools network tab.

    Strict-Transport-Security
    max-age=63072000; includeSubDomains; preload

    HSTS preload. 2-year max-age, all subdomains, browser-baked

    X-Frame-Options
    DENY

    Clickjacking protection. iTmethods.com cannot be framed

    X-Content-Type-Options
    nosniff

    MIME-sniffing disabled

    Referrer-Policy
    strict-origin-when-cross-origin

    Referer leak prevention

    Permissions-Policy
    camera=(), microphone=(), geolocation=()

    All sensitive APIs disabled by default

    Content-Security-Policy
    Report-Only (telemetry mode)

    Active on every response. Enforced mode rolling out per Cycle 3.2

    Static assets (/_next/static/*) and the dynamic OG image endpoint (/api/og) carry additional cache-control headers tuned for CDN edge serving.
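
The header values listed above can be checked mechanically rather than by eye. The following is an added example, not iTmethods code: it audits a header map against the documented values. The function names and the sample CSP policy string are assumptions made for illustration.

```python
# Added example: audit a response-header map against the values documented on this page.
EXPECTED_EXACT = {
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "referrer-policy": "strict-origin-when-cross-origin",
}
HSTS_MIN_AGE = 63072000  # two years, as documented
DISABLED_FEATURES = ("camera", "microphone", "geolocation")

SAMPLE_HEADERS = {  # constructed sample, not captured traffic
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    "Content-Security-Policy-Report-Only": "default-src 'self'",  # assumed policy
}

def parse_directives(value, sep):
    """Split 'a=1; b' style header values into a lowercase {name: value} map."""
    out = {}
    for part in value.split(sep):
        name, _, val = part.strip().partition("=")
        if name:
            out[name.lower()] = val.strip()
    return out

def audit_headers(headers):
    """Return a sorted list of findings; an empty list means nothing to report."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    findings = []
    for name, want in EXPECTED_EXACT.items():
        if h.get(name, "").lower() != want.lower():
            findings.append(f"{name}: expected {want!r}, got {h.get(name)!r}")
    hsts = parse_directives(h.get("strict-transport-security", ""), ";")
    age = hsts.get("max-age", "").strip('"')
    if not age.isdigit() or int(age) < HSTS_MIN_AGE:
        findings.append("strict-transport-security: max-age below 63072000")
    for flag in ("includesubdomains", "preload"):
        if flag not in hsts:
            findings.append(f"strict-transport-security: missing {flag}")
    perms = parse_directives(h.get("permissions-policy", ""), ",")
    for feature in DISABLED_FEATURES:
        if perms.get(feature) != "()":
            findings.append(f"permissions-policy: {feature} is not disabled")
    if "content-security-policy" not in h:  # Report-Only logs violations, blocks nothing
        ro = "content-security-policy-report-only" in h
        findings.append("content-security-policy: " + ("report-only, not enforced" if ro else "absent"))
    return sorted(findings)
```

Run against the documented header set, the only finding is that CSP is in report-only mode, which matches the telemetry-mode status described above.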

    Reporting & contact

    Three ways to reach us.

    Researchers, customers, and audit committees each have a direct path.

    Vulnerability disclosure

    RFC 9116 security.txt at /.well-known/security.txt. Email security@itmethods.com. We acknowledge within 2 business days, triage within 5, and communicate a resolution timeline within 10.


    Compliance & audit evidence

    Customers under contract can request SOC 2, ISO 27001, HIPAA, and DORA evidence through their account team or by emailing trust@itmethods.com.


    Audit-committee briefing

    Board and audit-committee briefings on the Reign evidence architecture, EU AI Act readiness, and DORA third-party AI risk are available on request.


    Direct contact

    Safe-harbor language and response targets are documented in security.txt.

    Where we operate

    iTmethods Inc. is headquartered in Toronto, Canada. We operate in Austin, TX (US Sales & Customer Success) and have engineering, support, and compliance resources in Dublin (Ireland), Bangalore (India), and Eastern Europe. Customer workloads run in regions selected for jurisdiction and data-residency requirements: AWS regions for Forge and Reign, FedRAMP-aligned regions where required, and on-prem or sovereign cloud for Reign for Life Sciences and Reign single-tenant deployments.

    Read the company overview at itmethods.com/about.