Trust & security
Three things matter for trust on a cloud, AI, and hardware engagement.
Who owns the tenants and the data. Who has access. What happens if we walk away. Short answers below.
Tenant and data ownership
Your tenants. Your licenses. Your hardware.
Cloud tenants (Microsoft 365, Google Workspace, AWS, Azure, GovCloud) are stood up in your name from day one. AI licenses are owned by your organization, not by AC5. At any point in the engagement or after, you can pull a full data export in standard formats. No fees. No extraction charges.
Access
Named accounts. MFA. Audit logs. Scoped to the engagement.
During an engagement, AC5 Labs has whatever access is needed to do the work, scoped to the project and reduced to a documented support tier at handoff. We use named accounts, MFA, and audit logs. We do not use shared credentials. We do not subcontract work offshore without disclosing it first.
Continuity
If we shut down tomorrow, your operation keeps working.
You have the tenants, the licenses, the hardware, and the documented runbooks. Any competent IT operator (in-house or another partner) can pick up where we left off. We design for this on purpose.
Deeper postures
Two longer reads.
The three answers above are the short version. The standard AC5 deploys to, and the HIPAA-specific posture for engagements that touch PHI, live on dedicated pages.
Security standard
Built to NIST 800-171 by default.
The 14 control families, how each shows up in an engagement, and how CMMC, HIPAA, SOC 2, and FedRAMP relate to it. CMMC Level 2-ready posture from day one.
Read the security standard →
HIPAA posture
BAA, controls, hosting, wipe, SRA.
For any engagement that touches PHI. Six-pillar posture, what we sign before access, what you keep at handoff.
Read the HIPAA posture →
More questions about access, ownership, or handoff?
Ask on the discovery call. We will give you straight answers and put the commitments in the written quote.