Compliance is the floor.

Every Salutem engagement runs on infrastructure that meets U.S. legal-industry expectations. HIPAA-aligned. BAA-ready. U.S.-originating IP addresses. Audited access. Built in, never bolted on.

01.

Eight things every engagement gets.

A short, deliberate list. Not pages of legalese — practical safeguards your compliance officer will recognize.

i.

HIPAA-aligned operations

Training, monitoring, and policies aligned to current federal healthcare standards. Mandatory at hire, refreshed annually.

ii.

U.S. servers & U.S. IPs

All sessions originate from U.S.-based, encrypted infrastructure. Never foreign-IP traffic into your case-management software.

iii.

BAA & NDA day one

Standard contracts ready for legal review at engagement start. No friction, no surprises.

iv.

Encrypted in transit

TLS 1.2+ end-to-end. No plain-text PHI, PII, or privileged data — ever — between your firm and our pros.

v.

Role-based access

Granular permissions per professional. Revoked instantly on offboarding. Quarterly access reviews.

vi.

Full audit logs

Session-level logging across every tool we touch. Available for export to your compliance team on request.

vii.

Background checks

Criminal, employment, and reference checks completed before any candidate touches a live engagement.

viii.

Conflict-of-interest screening

Each professional confirms no conflicts with your firm's matters at engagement start and quarterly thereafter.

02 · The standards we map to

Aligned to the standards your auditors care about.

Salutem's controls map cleanly to HIPAA, the ABA Model Rules of Professional Conduct, and standard data-protection frameworks. We're not a certified entity for SOC 2 or ISO 27001 today, but we operate to the spirit of both — and document that operation honestly.

If your firm requires specific contractual language, certifications, or audit cooperation, our team can usually accommodate. Talk to us early in the proposal stage.

  • HIPAA — Privacy & Security Rule alignment, BAA standard.
  • ABA Model Rules — confidentiality, supervision, billing transparency.
  • State bar requirements — supervision and unauthorized-practice safeguards.
  • GLBA — financial information safeguards where applicable.
  • FERPA — for firms handling education records.
  • State privacy laws — including CCPA/CPRA, TDPSA, VCDPA.
  • GDPR — for EU-touching client matters.

03.

If something did go wrong.

No security posture is perfect. Here's what we commit to if an incident occurs.

i.

Notify within 24 hrs

If we identify a security event involving your firm's data, you hear from us within 24 hours of confirmation — earlier if material.

ii.

Forensic cooperation

We share access logs, change records, and incident-response timelines with your forensics team or counsel.

iii.

Remediation funded

If the incident traces to our infrastructure or staff, remediation costs are covered through our standard liability provisions.

Need our security overview?

We'll send you the full document — same day.