Compliance

SOC 2 controls operating across security, availability, and confidentiality.

CortexaNote runs its documentation platform under a SOC 2 Trust Services Criteria control framework with continuous monitoring. The Type II observation window is in progress, and a security review packet is available for procurement review today.

Trust signal
SOC-2
Last reviewed May 2026
CortexaNote Trust

Mapped signals

Compliance is expressed as operational proof, not a footer claim.

CortexaNote keeps framework, security control, workflow ownership, and review responsibility visible on one page.

SOC 2
Security
Availability
Confidentiality
Continuous monitoring
Change control
Access review
Incident response
Vendor review
Trust center

Controls

Operate clinical documentation like critical infrastructure.

Operational controls for security, availability, and confidentiality.

Identity

01

Security and access review

Workspace membership, account roles, and privileged access are reviewed on a defined cadence with evidence collected through continuous monitoring.

Release

02

Change management

Product changes that affect capture, drafting, import, billing, or authentication require explicit operational review before release.

Reliability

03

Availability and resilience

Status communication, capacity planning, and dependency monitoring keep the service inspectable so teams know where workflow risk lives.

Data

04

Confidentiality controls

Clinical content is encrypted at rest and in transit and handled as sensitive work product through capture, draft, review, and export.

Operations

05

Monitoring and incident response

Detection, logging, and on-call rotations route through the trust and status surfaces rather than being buried in product copy.

Procurement

06

Vendor and subprocessor review

Hosting, communication, AI, and analytics subprocessors are reviewed before they enter the workflow and re-evaluated on a defined cadence.

Data lifecycle

Secure clinical data follows the same path clinicians follow.

The boundary is not one database table. It is the whole journey from patient conversation to approved note.

  1. Consent and capture

    Clinicians record only inside the authorization, consent, and operating policies required by their organization.

  2. Encrypt and transfer

    Audio moves from Recorder or browser capture through encrypted transfer into a protected clinical workspace.

  3. Draft and review

    AI output stays draft work until a qualified clinician checks the note, edits it, and approves the final record.

  4. Export or delete

    Teams can move approved text into the EHR and keep retention decisions explicit instead of hidden in the tool.

Compliance FAQ

CortexaNote operates a SOC 2 Trust Services Criteria control program with continuous monitoring. The Type II audit observation window is currently in progress; we share the latest progress evidence and control summaries under NDA with prospective customers.

Bring trust review into the rollout conversation.

CortexaNote works best when clinical, operations, procurement, and trust owners evaluate the same Recorder + AI scribe + EHR workflow.