Built for healthcare's most sensitive decisions
Forsure protects employer, benefits, and health data with security and compliance engineered into the platform, not layered on after the fact.
Independently certified. Continuously verified.
Forsure is held to the standards the organizations we serve require when sensitive benefits and health data are involved.
SOC 2
Audited controls covering the security, availability, and confidentiality of our systems.
HIPAA
Engineered to meet HIPAA requirements for protected health information, with BAAs available.
AI RMF
Aligned to the NIST AI Risk Management Framework for trustworthy, accountable AI.
TX-RAMP
Authorized at TX-RAMP Level II for cloud services used by Texas public-sector and higher-education organizations.
HiTrust
HiTrust certification is currently underway as we deepen our assurance program.
Security designed into every layer
From infrastructure to AI, Forsure protects your data at every step of the decision.
Security by design
Security and compliance are built into the SureSystem architecture from day one, not layered on after the fact.
Your data stays yours
Forsure does not use your data to train foundation models. Your information is used to serve you, and only you.
Encryption end to end
Data is encrypted in transit and at rest using industry-standard protocols, so sensitive information stays protected.
Controlled access
Role-based permissions, least-privilege access, and modern authentication keep data limited across multi-tennet infastructure.
Continuous monitoring
Forsure's environment is monitored on an ongoing basis, with regular audits and independent assessments.
Governed, accountable AI
Forsure's agentic AI operates within defined guardrails, with human accountability at every consequential step.
Trust is the foundation of decision intelligence
Forsure helps HR and finance leaders make decisions on cost, risk, and care. Those decisions are only as trustworthy as the system behind them, so we treat security, privacy, and governance as core product, not paperwork.
Compliance built into the architecture
Rather than retrofitting controls, Forsure builds encryption, access management, audit logging, and data governance into the platform itself. Frameworks like SOC 2, HIPAA, and the AI RMF map to controls that are already in place and verifiable.
Responsible, governed AI
Forsure is AI-native and agentic by design. Our systems observe, decide, and act within defined guardrails, with human oversight and accountability for consequential decisions. Aligning to the NIST AI Risk Management Framework keeps that autonomy transparent and controllable.
Verification, on the record
Independent audits, assessments, and a continuously updated Trust Center mean our security posture is something your team can review and validate, not just take on faith.
We earn trust the way regulated industries expect it: continuously, and on the record.
Everything your security team needs, in one place
Our Trust Center gives security, privacy, and procurement teams continuous access to Forsure's certifications, policies, sub-processors, and security documentation, ready for your next vendor review.
Go to the Trust CenterSecurity & compliance questions
The questions security, privacy, and procurement teams ask us most.
Yes. Security and compliance are built into the platform's architecture, not layered on afterward. Forsure is SOC 2 certified, HIPAA compliant, and aligned with the NIST AI Risk Management Framework (AI RMF). HiTrust certification is in progress.
No. Forsure does not use customer data to train foundation models. Your data is used to deliver the service to you, and it is never sold.
Data is encrypted in transit and at rest using industry-standard protocols. Access is governed by role-based, least-privilege controls and modern authentication, and the environment is continuously monitored.
Forsure is engineered to meet HIPAA requirements for handling protected health information. A Business Associate Agreement (BAA) is available for customers who require one.
Forsure's agentic AI operates within defined guardrails, with human accountability for consequential decisions. Our governance program is aligned to the NIST AI Risk Management Framework.
Yes. Forsure's controls are validated through independent audits and assessments. Summary documentation is available through the Trust Center.
Visit trust.forsure.ai for certifications, policies, sub-processors, and documentation. Additional materials are available under NDA to support an active security review.
Customers can request an export of their data, after which it is deleted in line with our data retention policy and contractual commitments.
Access is governed by role-based and attribute-based permissions with least-privilege defaults, and every request is authenticated, authorized, and logged. These controls are enforced across our multi-tenant infrastructure, where each customer's data is logically isolated so one tenant can never reach another's.
Yes. We welcome security reviews from prospective customers' teams — including security questionnaires, architecture and control walkthroughs, and reviews of our security protocols. Transparency is how we build trust, and we'll share documentation and respond to diligence requests under NDA through the Trust Center.
