Security & Trust

Govern readiness evidence without taking on operational or patient data.

CitiriOS is the system of record for owner readiness — criteria, evidence references, gates, and decisions — built on SSO, role-based access, audit logging, and evidence traceability, and architected so activation-readiness workflows do not require PHI.

Request the Security Pack See how integrations work

Controls

Enterprise controls owners and IT expect.

CitiriOS runs on identity, access, and audit patterns aligned to the owner's enterprise stack.

Single sign-on

SSO via the owner's identity provider — SAML / OIDC, with provisioning.

Role-based access

RBAC scoped to programs, gates, and evidence — least privilege by default.

Audit logs

Immutable audit trail on evidence, gate decisions, and acceptance.

Evidence traceability

Every criterion links to its accepted evidence, owner, and decision.

Data architecture

A readiness layer that references — not absorbs — the owner's data.

CitiriOS governs readiness criteria, evidence references, gates, and decisions. It links to documents and operational systems through OpsCenter rather than copying their contents — so the source of truth stays where it belongs.

✓ Activation-readiness workflows require no PHI.
✓ Evidence can be referenced in place via document systems.
✓ Data lineage and traceability through OpsCenter.

Data boundary

CitiriOS Criteria · evidence references · gates · decisions

references, does not copy

Owner systems Documents · PMIS · EAM/CMMS · operational data

Sensitive operational and patient data stays in the owner's systems of record.

Governed AI

Opti suggests, surfaces, and summarizes — humans approve.

Opti reasons over governed readiness data with cited reasoning. It never approves, accepts, or makes regulatory decisions; any recommendation affecting evidence or a gate routes to a human for approval.

See how Opti is governed

Compliance documentation Available on request under NDA

The security pack covers our control environment, hosting and data architecture, access and audit model, sub-processors, and current attestations and roadmap.

Control environment

Hosting, encryption in transit and at rest, and backup posture.

Access & audit model

SSO, RBAC, and audit-log detail for procurement and IT review.

Attestations & roadmap

Current certifications and planned attestations, shared under NDA.

Specific certifications and BAA/HITRUST applicability are confirmed during security review rather than asserted on this page.

Security & Trust

Request the CitiriOS security pack.

Get the control environment, data architecture, access and audit model, and current attestations for your procurement and IT review.

Request the Security Pack Book a Working Demo