Compliance & Certifications
Koreshield is designed to help organizations meet strict security and privacy standards. This guide outlines how our architecture supports compliance with major frameworks.
SOC 2 Type II
Koreshield creates an audit trail that is essential for SOC 2 controls.
Security Controls
- Access Control: Role-Based Access Control (RBAC) ensures only authorized users can modify security policies.
- Monitoring: Real-time logging of all security events and policy violations.
- Change Management: Versioned policy configurations allow for safe rollbacks and change tracking.
HIPAA Compliance
For healthcare organizations handling Protected Health Information (PHI).
PHI Protection
- Redaction: Automatically detect and redact PHI (names, SSNs, medical record numbers) before data leaves your boundary.
- Encryption: All data is encrypted in transit and at rest.
- BAA: Enterprise plans include a Business Associate Agreement (BAA).
// Example: Configuring PHI Redaction
// Assumes the Koreshield client class has already been imported from the SDK.
// The instance gets a lowercase name so it does not shadow the class it is built from.
const koreshield = new Koreshield({
  apiKey: process.env.KEY,
  policy: {
    pii: {
      action: 'redact',
      types: ['us_ssn', 'medical_record_number', 'patient_name']
    }
  }
});
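To show what a policy of this shape does to text before it leaves your boundary, here is an added, self-contained illustration; it is not Koreshield's SDK code, and the detector patterns, the `redactPhi` function and the sample input are constructed assumptions for the example only.

```javascript
// Added illustration (not Koreshield's SDK): apply a policy shaped like the
// page's `pii` config locally, replacing each finding with a typed marker and
// emitting an audit event that records the type and length but never the value.
// Detector regexes are constructed for demonstration, not Koreshield's own.
const DETECTORS = {
  // SSN shape with the invalid area/group/serial ranges excluded.
  us_ssn: /\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g,
  // Digits following an "MRN" label; the label itself is kept for context.
  medical_record_number: /(?<=\bMRN[-:\s]?)\d{6,10}\b/gi,
  // Real name detection needs NLP; this placeholder matches "Patient: First Last".
  patient_name: /(?<=\bPatient:\s)[A-Z][a-z]+ [A-Z][a-z]+/g,
};

function redactPhi(text, policy) {
  const pii = policy.pii || {};
  // Only the 'redact' action modifies the text; anything else passes through.
  if (pii.action !== 'redact') return { text, events: [] };
  const events = [];
  let out = text;
  for (const type of pii.types || []) {
    const re = DETECTORS[type];
    if (!re) throw new Error(`unknown PII type: ${type}`);
    out = out.replace(re, (match) => {
      events.push({ type, length: match.length }); // audit record without the value
      return `[REDACTED:${type}]`;
    });
  }
  return { text: out, events };
}

// Constructed sample input: a sentence containing all three PHI types.
const SAMPLE = 'Patient: Jane Doe, SSN 123-45-6789, MRN 00123456';
const POLICY = {
  pii: { action: 'redact', types: ['us_ssn', 'medical_record_number', 'patient_name'] },
};
```

Calling `redactPhi(SAMPLE, POLICY)` returns the text with all three values replaced by markers and three audit events, one per finding.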
GDPR Considerations
Data Sovereignty
- Region Locking: Configure Koreshield to process data only within specific EU regions.
- Right to Erasure: API endpoints to delete all data associated with a specific user ID.
- Data Minimization: We strictly limit data retention periods based on your configuration.
PCI-DSS Requirements
For handling payment card information.
- PCI Masking: Automatically mask credit card numbers in logs and prompts.
- Audit Logging: Immutable logs of all access to cardholder data flows.
FedRAMP (Government)
Koreshield's GovCloud deployment option ensures:
- FIPS 140-2 Validated Encryption
- US Persons Only Support
- GovCloud Hosting
Contact sales for FedRAMP High package availability.