ATStatus

Compliance & Certifications

ATStatus is built with enterprise compliance requirements in mind. Learn about our security posture, regulatory alignment, and compliance-ready features.

Compliance Readiness vs. Certification: ATStatus provides the technical controls and features needed for compliance. Actual certification depends on your organization's implementation, policies, and third-party audits.

Implemented Security Controls

Access Control (A.9)
  • Role-based access control with 4 hierarchical roles
  • 50+ granular permissions
  • Step-up authentication for sensitive operations
  • Two-factor authentication (TOTP)
  • Session management with forced logout capability

Logging & Monitoring (A.12.4)
  • Complete audit trail of all administrative actions
  • Hash-chained logs for tamper evidence
  • IP address and user agent tracking
  • Severity-based event classification
  • Searchable and exportable logs

Cryptography (A.10)
  • SHA-256 password hashing with salting
  • HMAC-signed session tokens
  • API keys hashed before storage
  • CSRF token protection
  • Secure cookie configuration

Operations Security (A.12)
  • Input validation with Zod schemas
  • Rate limiting on API endpoints
  • Parameterized database queries (Prisma ORM)
  • Self-test diagnostics
  • System health monitoring

Self-Hosted Advantage

ATStatus is 100% self-hosted, providing significant compliance benefits:

  • Data Sovereignty: Your data stays in your infrastructure
  • No Third-Party Risk: No external SaaS dependencies
  • Full Control: Complete control over data and encryption
  • Audit Access: Direct access to all logs for auditors

Important Disclaimer: Compliance certification requires organizational policies, procedures, and third-party audits beyond technical implementation. ATStatus provides the technical foundation — your organization is responsible for the complete compliance program.