# Compliance and governance

Union.ai maintains industry-recognized certifications and aligns its security practices with established frameworks. The platform's architecture (with strict data residency, tenant isolation, and control plane / data plane separation) inherently supports compliance requirements across regulated industries. This section covers certifications, regulatory alignment, organizational security practices, and vulnerability management.

This section covers:

* [Certifications and Trust Center](https://www.union.ai/docs/v2/union/security/compliance/certifications/page.md): Summary of all certifications, SOC 2 Type II detail, and the Trust Center.
* [HIPAA compliance](https://www.union.ai/docs/v2/union/security/compliance/hipaa/page.md): How Union.ai supports HIPAA requirements for Protected Health Information.
* [GDPR alignment](https://www.union.ai/docs/v2/union/security/compliance/gdpr/page.md): Data residency and the EU-region deployment model.
* [Standards compliance](https://www.union.ai/docs/v2/union/security/compliance/standards/page.md): ISO 27001 and CIS benchmark control mappings.
* [Shared responsibility model](https://www.union.ai/docs/v2/union/security/compliance/shared-responsibility/page.md): Responsibility allocation for self-managed and BYOC deployments.
* [Organizational security](https://www.union.ai/docs/v2/union/security/compliance/organizational-security/page.md): Employee security lifecycle, governance controls, and the security development lifecycle.
* [Vulnerability management](https://www.union.ai/docs/v2/union/security/compliance/vulnerability-management/page.md): Vulnerability assessment, patch management, incident response, and third-party dependency risk.

## Subpages

- [Certifications and Trust Center](https://www.union.ai/docs/v2/union/security/compliance/certifications/page.md)
  - Certifications overview
  - SOC 2 Type II
  - Trust Center
  - Verification
  - Certifications
- [HIPAA compliance](https://www.union.ai/docs/v2/union/security/compliance/hipaa/page.md)
  - Verification
  - HIPAA compliance
- [GDPR alignment](https://www.union.ai/docs/v2/union/security/compliance/gdpr/page.md)
  - Verification
  - GDPR alignment
- [Standards compliance](https://www.union.ai/docs/v2/union/security/compliance/standards/page.md)
  - Verification
  - Standards compliance
- [Shared responsibility model](https://www.union.ai/docs/v2/union/security/compliance/shared-responsibility/page.md)
  - Self-managed
  - BYOC shifts
  - Verification
  - Shared responsibility model
- [Organizational security](https://www.union.ai/docs/v2/union/security/compliance/organizational-security/page.md)
  - Employee security lifecycle
  - Governance
  - Security development lifecycle
  - Verification
  - Organizational security
- [Vulnerability management](https://www.union.ai/docs/v2/union/security/compliance/vulnerability-management/page.md)
  - Vulnerability assessment
  - Patch management
  - Incident response
  - Third-party dependency risk
  - Verification
  - Vulnerability management

---
**Source**: https://github.com/unionai/unionai-docs/blob/main/content/security/compliance/_index.md
**HTML**: https://www.union.ai/docs/v2/union/security/compliance/