<!-- CANARY: REQ=REQ-DOCS-001; FEATURE="Docs"; ASPECT=Documentation; STATUS=TESTED; OWNER=docs; UPDATED=2026-01-15 -->
<p>Geode is designed to help organizations meet stringent regulatory compliance requirements across multiple frameworks including GDPR, HIPAA, SOC2, PCI DSS, and industry-specific regulations. This comprehensive guide covers how Geode’s security features support compliance objectives and best practices for deploying compliant graph database systems.</p>
<h3 id="compliance-framework-overview" class="position-relative d-flex align-items-center group">
<span>Compliance Framework Overview</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-framework-overview"
aria-haspopup="dialog"
aria-label="Share link: Compliance Framework Overview">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden>
<div class="hsm-dialog" role="document">
<div class="hsm-header">
<h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2>
<button type="button" class="hsm-close" aria-label="Close">
<i class="fa-solid fa-xmark"></i>
</button>
</div>
<div class="hsm-body">
<label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label>
<div class="input-group mb-4 hsm-url-group">
<input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" />
<button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy">
<i class="fa-duotone fa-clipboard" aria-hidden="true"></i>
</button>
</div>
<div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div>
<div class="hsm-share-grid">
<a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-twitter me-2"></i>Twitter
</a>
<a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-linkedin me-2"></i>LinkedIn
</a>
<a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-facebook me-2"></i>Facebook
</a>
</div>
</div>
</div>
</div>
<style>
.heading-share-modal {
position: fixed;
inset: 0;
display: flex;
justify-content: center;
align-items: center;
background: rgba(0, 0, 0, 0.6);
z-index: 1050;
padding: 1rem;
backdrop-filter: blur(4px);
-webkit-backdrop-filter: blur(4px);
}
.heading-share-modal[hidden] { display: none !important; }
.hsm-dialog {
max-width: 420px;
width: 100%;
background: var(--bs-body-bg, #fff);
color: var(--bs-body-color, #212529);
border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
border-radius: 1rem;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
overflow: hidden;
animation: hsm-fade-in 0.2s ease-out;
}
@keyframes hsm-fade-in {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
[data-bs-theme="dark"] .hsm-dialog {
background: #1e293b;
border-color: rgba(255,255,255,0.1);
color: #f8f9fa;
}
.hsm-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 1.5rem;
border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
background: rgba(0,0,0,0.02);
}
[data-bs-theme="dark"] .hsm-header {
background: rgba(255,255,255,0.02);
border-color: rgba(255,255,255,0.1);
}
.hsm-close {
background: transparent;
border: none;
color: inherit;
opacity: 0.5;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 1.2rem;
line-height: 1;
transition: opacity 0.2s;
}
.hsm-close:hover {
opacity: 1;
}
.hsm-body {
padding: 1.5rem;
}
.hsm-url-group {
display: flex !important;
align-items: stretch;
}
.hsm-url-group .form-control {
flex: 1;
min-width: 0;
margin: 0;
background: var(--bs-secondary-bg, #f8f9fa);
border-color: var(--bs-border-color, #dee2e6);
border-top-right-radius: 0;
border-bottom-right-radius: 0;
height: 42px;
}
.hsm-url-group .btn {
flex: 0 0 auto;
margin: 0;
margin-left: -1px;
border-top-left-radius: 0;
border-bottom-left-radius: 0;
height: 42px;
display: flex;
align-items: center;
justify-content: center;
padding: 0 1.25rem;
z-index: 2;
}
[data-bs-theme="dark"] .hsm-url-group .form-control {
background: #0f172a;
border-color: #334155;
color: #e2e8f0;
}
.hsm-share-grid {
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.hsm-share-grid .btn {
display: flex;
align-items: center;
justify-content: center;
font-size: 0.9rem;
padding: 0.6rem;
border-color: var(--bs-border-color);
width: 100%;
}
[data-bs-theme="dark"] .hsm-share-grid .btn {
color: #e2e8f0;
border-color: #475569;
}
[data-bs-theme="dark"] .hsm-share-grid .btn:hover {
background: #334155;
border-color: #cbd5e1;
}
</style>
<script>
(function(){
const modal = document.getElementById('headingShareModal');
if(!modal) return;
const input = modal.querySelector('#headingShareInput');
const copyBtn = modal.querySelector('.hsm-copy');
const twitter = modal.querySelector('#share-twitter');
const linkedin = modal.querySelector('#share-linkedin');
const facebook = modal.querySelector('#share-facebook');
const closeBtn = modal.querySelector('.hsm-close');
let lastFocus=null;
let trapBound=false;
function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; }
function isOpen(){ return !modal.hasAttribute('hidden'); }
function hydrate(id){
const url=buildUrl(id);
input.value=url;
const enc=encodeURIComponent(url);
const text=encodeURIComponent(document.title);
if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`;
if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`;
if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`;
}
function openModal(id){
lastFocus=document.activeElement;
hydrate(id);
if(!isOpen()){
modal.removeAttribute('hidden');
}
requestAnimationFrame(()=>{ input.focus(); });
trapFocus();
}
function closeModal(){
if(!isOpen()) return;
modal.setAttribute('hidden','');
if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus();
}
function copyCurrent(){
try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); }
catch(e){ fallback(); }
}
function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} }
function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); }
function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); }
function bindShareButtons(){
document.querySelectorAll('.h-share').forEach(btn=>{
if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; }
});
}
bindShareButtons();
if(document.readyState==='loading'){
document.addEventListener('DOMContentLoaded', bindShareButtons);
} else {
requestAnimationFrame(bindShareButtons);
}
document.addEventListener('click', function(e){
const shareBtn=e.target.closest && e.target.closest('.h-share');
if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); }
}, true);
document.addEventListener('click', e=>{
if(e.target===modal) closeModal();
if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); }
if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); }
});
document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); });
function trapFocus(){
if(trapBound) return;
trapBound=true;
modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } });
}
if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); });
})();
</script><p>Modern enterprises must comply with multiple regulatory frameworks simultaneously. Geode provides the technical controls and capabilities needed to satisfy requirements across:</p>
<ul>
<li><strong>GDPR</strong>: European data protection and privacy regulation</li>
<li><strong>HIPAA</strong>: US healthcare data protection</li>
<li><strong>SOC2</strong>: Service organization security controls</li>
<li><strong>PCI DSS</strong>: Payment card industry data security</li>
<li><strong>ISO 27001</strong>: Information security management</li>
<li><strong>CCPA</strong>: California Consumer Privacy Act</li>
<li><strong>FedRAMP</strong>: US federal cloud security</li>
</ul>
<h3 id="gdpr-compliance" class="position-relative d-flex align-items-center group">
<span>GDPR Compliance</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="gdpr-compliance"
aria-haspopup="dialog"
aria-label="Share link: GDPR Compliance">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>The General Data Protection Regulation (GDPR) imposes strict requirements on organizations that process personal data of EU residents. Geode provides technical capabilities to support GDPR compliance:</p>
<h4 id="right-to-access-article-15" class="position-relative d-flex align-items-center group">
<span>Right to Access (Article 15)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="right-to-access-article-15"
aria-haspopup="dialog"
aria-label="Share link: Right to Access (Article 15)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Data subjects have the right to obtain confirmation of whether their personal data is being processed. Geode supports this through comprehensive query capabilities:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Retrieve</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">personal</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="py">specific</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">subject</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nv">$data_subject_email</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">r</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">related</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">p</span><span class="p">,</span><span class="w"> </span><span class="py">r</span><span class="p">,</span><span class="w"> </span><span class="py">related</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Find</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">locations</span><span class="w"> </span><span class="py">where</span><span class="w"> </span><span class="py">personal</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">appears</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">n</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nv">$data_subject_email</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">ssn</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nv">$data_subject_ssn</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">OR</span><span class="w"> </span><span class="py">n</span><span class="err">.</span><span class="py">phone</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="nv">$data_subject_phone</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">labels</span><span class="p">(</span><span class="py">n</span><span class="p">),</span><span class="w"> </span><span class="py">properties</span><span class="p">(</span><span class="py">n</span><span class="p">)</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="right-to-erasure-article-17" class="position-relative d-flex align-items-center group">
<span>Right to Erasure (Article 17)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="right-to-erasure-article-17"
aria-haspopup="dialog"
aria-label="Share link: Right to Erasure (Article 17)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Data subjects can request deletion of their personal data. Geode supports complete and auditable deletion:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Delete</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">personal</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">a</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">subject</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nv">$data_subject_email</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">DETACH</span><span class="w"> </span><span class="py">DELETE</span><span class="w"> </span><span class="py">p</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Anonymize</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">while</span><span class="w"> </span><span class="py">preserving</span><span class="w"> </span><span class="py">graph</span><span class="w"> </span><span class="py">structure</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nv">$data_subject_email</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">SET</span><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">anonymized</span><span class="nd">@deleted</span><span class="err">.</span><span class="py">local</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">name</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">Deleted</span><span class="w"> </span><span class="py">User</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">ssn</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">NULL</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">phone</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">NULL</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">deleted_at</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">current_timestamp</span><span class="p">()</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div><p>All deletion operations are logged in audit trails with:</p>
<ul>
<li>Timestamp of deletion</li>
<li>User who performed the deletion</li>
<li>Data subject identifier</li>
<li>Reason for deletion (if provided)</li>
<li>Confirmation of cascading deletions</li>
</ul>
<h4 id="right-to-data-portability-article-20" class="position-relative d-flex align-items-center group">
<span>Right to Data Portability (Article 20)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="right-to-data-portability-article-20"
aria-haspopup="dialog"
aria-label="Share link: Right to Data Portability (Article 20)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Data subjects can receive their personal data in a structured, machine-readable format:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Export</span><span class="w"> </span><span class="py">all</span><span class="w"> </span><span class="py">personal</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">in</span><span class="w"> </span><span class="py">structured</span><span class="w"> </span><span class="py">format</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">email</span><span class="p">:</span><span class="w"> </span><span class="nv">$data_subject_email</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">OPTIONAL</span><span class="w"> </span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">)</span><span class="err">-</span><span class="p">[</span><span class="py">r</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">related</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">personal_info</span><span class="p">:</span><span class="w"> </span><span class="nc">properties</span><span class="p">(</span><span class="py">p</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">relationships</span><span class="p">:</span><span class="w"> </span><span class="nc">collect</span><span class="p">({</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="kd">type</span><span class="p">:</span><span class="w"> </span><span class="nc">type</span><span class="p">(</span><span class="nc">r</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">target</span><span class="p">:</span><span class="w"> </span><span class="nc">labels</span><span class="p">(</span><span class="py">related</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">properties</span><span class="p">:</span><span class="w"> </span><span class="nc">properties</span><span class="p">(</span><span class="py">r</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">}</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">data_export</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="data-protection-by-design-article-25" class="position-relative d-flex align-items-center group">
<span>Data Protection by Design (Article 25)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="data-protection-by-design-article-25"
aria-haspopup="dialog"
aria-label="Share link: Data Protection by Design (Article 25)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Geode implements privacy-enhancing features by default:</p>
<ul>
<li><strong>Encryption at rest</strong>: All data encrypted using AES-256-GCM</li>
<li><strong>Encryption in transit</strong>: TLS 1.3 for all connections</li>
<li><strong>Pseudonymization</strong>: Support for hashed identifiers</li>
<li><strong>Data minimization</strong>: Field-level access control limits exposure</li>
<li><strong>Purpose limitation</strong>: Row-level security enforces usage boundaries</li>
</ul>
<h4 id="records-of-processing-activities-article-30" class="position-relative d-flex align-items-center group">
<span>Records of Processing Activities (Article 30)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="records-of-processing-activities-article-30"
aria-haspopup="dialog"
aria-label="Share link: Records of Processing Activities (Article 30)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Comprehensive audit logging documents all processing activities:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Configure GDPR-compliant audit logging</span>
</span></span><span class="line"><span class="cl">geode serve --audit-log-level<span class="o">=</span>compliance <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-retention-days<span class="o">=</span><span class="m">2555</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-events<span class="o">=</span>data_access,data_modification,data_deletion,data_export <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-include-legal-basis<span class="o">=</span><span class="nb">true</span>
</span></span></code></pre></div><p>Audit logs capture:</p>
<ul>
<li>What personal data was accessed</li>
<li>When it was accessed</li>
<li>Who accessed it</li>
<li>Purpose of access (via session metadata)</li>
<li>Legal basis for processing</li>
</ul>
<h4 id="breach-notification-article-33" class="position-relative d-flex align-items-center group">
<span>Breach Notification (Article 33)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="breach-notification-article-33"
aria-haspopup="dialog"
aria-label="Share link: Breach Notification (Article 33)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Geode’s security monitoring helps detect and respond to data breaches:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Monitor for unusual access patterns</span>
</span></span><span class="line"><span class="cl">jq <span class="s1">'select(.event_type == "authorization_failure")'</span> audit.log <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="p">|</span> jq -s <span class="s1">'group_by(.user.ip_address) | map(select(length > 10))'</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Identify mass data exports</span>
</span></span><span class="line"><span class="cl">jq <span class="s1">'select(.operation.rows_returned > 1000 and .operation.type == "SELECT")'</span> audit.log
</span></span></code></pre></div>
<h3 id="hipaa-compliance" class="position-relative d-flex align-items-center group">
<span>HIPAA Compliance</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="hipaa-compliance"
aria-haspopup="dialog"
aria-label="Share link: HIPAA Compliance">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>The Health Insurance Portability and Accountability Act requires covered entities to protect health information. Geode provides technical safeguards for HIPAA compliance:</p>
<h4 id="administrative-safeguards" class="position-relative d-flex align-items-center group">
<span>Administrative Safeguards</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="administrative-safeguards"
aria-haspopup="dialog"
aria-label="Share link: Administrative Safeguards">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>164.308(a)(1)(ii)(D) - Information System Activity Review</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Enable comprehensive audit logging for HIPAA</span>
</span></span><span class="line"><span class="cl">geode serve --audit-log-level<span class="o">=</span>comprehensive <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-phi-access<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-retention-days<span class="o">=</span><span class="m">2555</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-log-encryption<span class="o">=</span>aes-256-gcm
</span></span></code></pre></div><p><strong>164.308(a)(3) - Workforce Security</strong></p>
<p>Implement role-based access control:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Create</span><span class="w"> </span><span class="py">roles</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">different</span><span class="w"> </span><span class="py">workforce</span><span class="w"> </span><span class="py">members</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">ROLE</span><span class="w"> </span><span class="py">physician</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">ROLE</span><span class="w"> </span><span class="py">nurse</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">ROLE</span><span class="w"> </span><span class="py">billing_clerk</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">ROLE</span><span class="w"> </span><span class="py">researcher</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Grant</span><span class="w"> </span><span class="py">minimum</span><span class="w"> </span><span class="py">necessary</span><span class="w"> </span><span class="py">permissions</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">GRANT</span><span class="w"> </span><span class="py">SELECT</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">Patient</span><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">physician</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">GRANT</span><span class="w"> </span><span class="py">SELECT</span><span class="p">,</span><span class="w"> </span><span class="py">INSERT</span><span class="p">,</span><span class="w"> </span><span class="py">UPDATE</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">MedicalRecord</span><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">physician</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">GRANT</span><span class="w"> </span><span class="py">SELECT</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">Patient</span><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">nurse</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">assigned_nurse</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">current_user</span><span class="p">()</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">GRANT</span><span class="w"> </span><span class="py">SELECT</span><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">BillingInfo</span><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">billing_clerk</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="physical-safeguards" class="position-relative d-flex align-items-center group">
<span>Physical Safeguards</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="physical-safeguards"
aria-haspopup="dialog"
aria-label="Share link: Physical Safeguards">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>164.310(d) - Device and Media Controls</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Secure backup with encryption</span>
</span></span><span class="line"><span class="cl">geode backup create --encryption<span class="o">=</span>aes-256-gcm <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --output<span class="o">=</span>/secure/backup/location <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --verify-integrity<span class="o">=</span><span class="nb">true</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Secure disposal of old data</span>
</span></span><span class="line"><span class="cl">geode data-purge --before-date<span class="o">=</span>2019-01-01 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --secure-delete<span class="o">=</span>7-pass <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-log<span class="o">=</span><span class="nb">true</span>
</span></span></code></pre></div>
<h4 id="technical-safeguards" class="position-relative d-flex align-items-center group">
<span>Technical Safeguards</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="technical-safeguards"
aria-haspopup="dialog"
aria-label="Share link: Technical Safeguards">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>164.312(a)(1) - Access Control</strong></p>
<p>Unique user identification and automatic logoff:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Configure session security</span>
</span></span><span class="line"><span class="cl">geode serve --session-timeout<span class="o">=</span><span class="m">900</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --require-unique-identifiers<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --automatic-logoff<span class="o">=</span><span class="nb">true</span>
</span></span></code></pre></div><p><strong>164.312(b) - Audit Controls</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Comprehensive audit controls</span>
</span></span><span class="line"><span class="cl">geode serve --audit-events<span class="o">=</span>all <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-log-immutable<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-log-integrity-check<span class="o">=</span>hourly
</span></span></code></pre></div><p><strong>164.312(c) - Integrity Controls</strong></p>
<p>Cryptographic checksums for data integrity:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Enable integrity verification</span>
</span></span><span class="line"><span class="cl">geode serve --data-integrity-checks<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --checksum-algorithm<span class="o">=</span>sha256 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --verify-on-read<span class="o">=</span><span class="nb">true</span>
</span></span></code></pre></div><p><strong>164.312(d) - Person or Entity Authentication</strong></p>
<p>Multi-factor authentication support:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Require MFA for PHI access</span>
</span></span><span class="line"><span class="cl">geode serve --require-mfa<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --mfa-providers<span class="o">=</span>totp,webauthn <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --mfa-grace-period<span class="o">=</span><span class="m">0</span>
</span></span></code></pre></div><p><strong>164.312(e) - Transmission Security</strong></p>
<p>TLS 1.3 encryption for all transmissions:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Enforce secure transmission</span>
</span></span><span class="line"><span class="cl">geode serve --tls-min-version<span class="o">=</span>1.3 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-cipher-suites<span class="o">=</span>TLS_AES_256_GCM_SHA384 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --require-client-certificates<span class="o">=</span><span class="nb">true</span>
</span></span></code></pre></div>
<h4 id="minimum-necessary-standard" class="position-relative d-flex align-items-center group">
<span>Minimum Necessary Standard</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="minimum-necessary-standard"
aria-haspopup="dialog"
aria-label="Share link: Minimum Necessary Standard">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Implement minimum necessary access:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Row</span><span class="err">-</span><span class="py">level</span><span class="w"> </span><span class="py">security</span><span class="w"> </span><span class="py">for</span><span class="w"> </span><span class="py">minimum</span><span class="w"> </span><span class="py">necessary</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">POLICY</span><span class="w"> </span><span class="py">minimum_necessary_physicians</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">Patient</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">FOR</span><span class="w"> </span><span class="py">SELECT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">physician</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">USING</span><span class="w"> </span><span class="p">(</span><span class="py">assigned_physician</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">current_user</span><span class="p">())</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">POLICY</span><span class="w"> </span><span class="py">minimum_necessary_researchers</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="py">Patient</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">FOR</span><span class="w"> </span><span class="py">SELECT</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">TO</span><span class="w"> </span><span class="py">researcher</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">USING</span><span class="w"> </span><span class="p">(</span><span class="py">patient_id</span><span class="w"> </span><span class="py">IN</span><span class="w"> </span><span class="p">(</span><span class="py">SELECT</span><span class="w"> </span><span class="py">patient_id</span><span class="w"> </span><span class="py">FROM</span><span class="w"> </span><span class="py">research_cohort</span><span class="w"> </span><span class="py">WHERE</span><span class="w"> </span><span class="py">researcher</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="py">current_user</span><span class="p">()))</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">WITH</span><span class="w"> </span><span class="py">COLUMNS</span><span class="w"> </span><span class="p">(</span><span class="py">age</span><span class="p">,</span><span class="w"> </span><span class="py">diagnosis</span><span class="p">,</span><span class="w"> </span><span class="py">treatment</span><span class="p">)</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="py">Exclude</span><span class="w"> </span><span class="py">name</span><span class="p">,</span><span class="w"> </span><span class="py">SSN</span><span class="p">,</span><span class="w"> </span><span class="py">address</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="soc-2-compliance" class="position-relative d-flex align-items-center group">
<span>SOC 2 Compliance</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="soc-2-compliance"
aria-haspopup="dialog"
aria-label="Share link: SOC 2 Compliance">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Service Organization Control 2 focuses on security, availability, processing integrity, confidentiality, and privacy. Geode supports all five trust service criteria:</p>
<h4 id="security-common-criteria" class="position-relative d-flex align-items-center group">
<span>Security (Common Criteria)</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="security-common-criteria"
aria-haspopup="dialog"
aria-label="Share link: Security (Common Criteria)">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>CC6.1 - Logical and Physical Access Controls</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Implement comprehensive access controls</span>
</span></span><span class="line"><span class="cl">geode serve --rbac-enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --require-authentication<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --password-policy<span class="o">=</span>strict <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --session-security<span class="o">=</span>high
</span></span></code></pre></div><p><strong>CC6.2 - Identification and Authentication</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Strong authentication requirements</span>
</span></span><span class="line"><span class="cl">geode serve --password-min-length<span class="o">=</span><span class="m">14</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --password-complexity<span class="o">=</span>high <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --password-rotation-days<span class="o">=</span><span class="m">90</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --lockout-threshold<span class="o">=</span><span class="m">5</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --lockout-duration<span class="o">=</span>30min
</span></span></code></pre></div><p><strong>CC6.6 - Logical and Physical Access Controls - Vulnerabilities</strong></p>
<p>Regular security updates and vulnerability management:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Check for security updates</span>
</span></span><span class="line"><span class="cl">geode version --check-updates --security-only
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Enable security monitoring</span>
</span></span><span class="line"><span class="cl">geode serve --security-monitoring<span class="o">=</span>enabled <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --vulnerability-scanning<span class="o">=</span>continuous
</span></span></code></pre></div><p><strong>CC7.2 - System Monitoring - Detection of Security Events</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Real-time security monitoring</span>
</span></span><span class="line"><span class="cl">geode serve --security-events<span class="o">=</span>alert <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --alert-channels<span class="o">=</span>email,pagerduty,slack <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --alert-threshold<span class="o">=</span>medium
</span></span></code></pre></div>
<h4 id="availability" class="position-relative d-flex align-items-center group">
<span>Availability</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="availability"
aria-haspopup="dialog"
aria-label="Share link: Availability">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>A1.2 - Environmental Protections</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># High availability configuration</span>
</span></span><span class="line"><span class="cl">geode serve --mode<span class="o">=</span>cluster <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --replication-factor<span class="o">=</span><span class="m">3</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --auto-failover<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --health-check-interval<span class="o">=</span>10s
</span></span></code></pre></div>
<h4 id="processing-integrity" class="position-relative d-flex align-items-center group">
<span>Processing Integrity</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="processing-integrity"
aria-haspopup="dialog"
aria-label="Share link: Processing Integrity">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>PI1.5 - Data Validation</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Schema</span><span class="w"> </span><span class="py">constraints</span><span class="w"> </span><span class="py">ensure</span><span class="w"> </span><span class="py">data</span><span class="w"> </span><span class="py">integrity</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">valid_ssn</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Patient</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">p</span><span class="err">.</span><span class="py">ssn</span><span class="w"> </span><span class="py">MATCHES</span><span class="w"> </span><span class="err">'^\</span><span class="py">d</span><span class="p">{</span><span class="py">3</span><span class="p">}</span><span class="err">-\</span><span class="py">d</span><span class="p">{</span><span class="py">2</span><span class="p">}</span><span class="err">-\</span><span class="py">d</span><span class="p">{</span><span class="py">4</span><span class="p">}</span><span class="err">$';</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="py">CONSTRAINT</span><span class="w"> </span><span class="py">valid_email</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ON</span><span class="w"> </span><span class="p">(</span><span class="py">u</span><span class="p">:</span><span class="nc">User</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">ASSERT</span><span class="w"> </span><span class="py">u</span><span class="err">.</span><span class="py">email</span><span class="w"> </span><span class="py">MATCHES</span><span class="w"> </span><span class="err">'^</span><span class="p">[</span><span class="py">a</span><span class="err">-</span><span class="py">zA</span><span class="err">-</span><span class="py">Z0</span><span class="err">-</span><span class="py">9</span><span class="err">.</span><span class="py">_</span><span class="err">%+-</span><span class="p">]</span><span class="err">+@</span><span class="p">[</span><span class="py">a</span><span class="err">-</span><span class="py">zA</span><span class="err">-</span><span class="py">Z0</span><span class="err">-</span><span class="py">9</span><span class="err">.-</span><span class="p">]</span><span class="err">+\.</span><span class="p">[</span><span class="py">a</span><span class="err">-</span><span class="py">zA</span><span class="err">-</span><span class="py">Z</span><span class="p">]{</span><span class="py">2</span><span class="p">,}</span><span class="err">$';</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="confidentiality" class="position-relative d-flex align-items-center group">
<span>Confidentiality</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="confidentiality"
aria-haspopup="dialog"
aria-label="Share link: Confidentiality">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>C1.2 - Encryption of Confidential Information</strong></p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Comprehensive encryption</span>
</span></span><span class="line"><span class="cl">geode serve --encryption-at-rest<span class="o">=</span>aes-256-gcm <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --encryption-in-transit<span class="o">=</span>tls-1.3 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --key-rotation-days<span class="o">=</span><span class="m">90</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --encryption-key-provider<span class="o">=</span>hsm
</span></span></code></pre></div>
<h4 id="privacy" class="position-relative d-flex align-items-center group">
<span>Privacy</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="privacy"
aria-haspopup="dialog"
aria-label="Share link: Privacy">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p><strong>P4.2 - Obtaining Consent</strong></p>
<p>Track consent in the graph:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Model</span><span class="w"> </span><span class="py">consent</span><span class="w"> </span><span class="py">in</span><span class="w"> </span><span class="py">the</span><span class="w"> </span><span class="py">graph</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$person_id</span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nc">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">c</span><span class="p">:</span><span class="nc">Consent</span><span class="w"> </span><span class="p">{</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">purpose</span><span class="p">:</span><span class="w"> </span><span class="err">'</span><span class="nc">marketing</span><span class="err">'</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">granted_at</span><span class="p">:</span><span class="w"> </span><span class="nc">current_timestamp</span><span class="p">(),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">granted_by</span><span class="p">:</span><span class="w"> </span><span class="nv">$person_id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nc">expires_at</span><span class="p">:</span><span class="w"> </span><span class="nc">timestamp</span><span class="p">()</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">duration</span><span class="p">(</span><span class="err">'</span><span class="py">P1Y</span><span class="err">'</span><span class="p">),</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">can_revoke</span><span class="p">:</span><span class="w"> </span><span class="nc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">})</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">CREATE</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">)</span><span class="err">-</span><span class="p">[:</span><span class="nc">GRANTED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="py">c</span><span class="p">)</span><span class="err">;</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="err">--</span><span class="w"> </span><span class="py">Enforce</span><span class="w"> </span><span class="py">consent</span><span class="w"> </span><span class="py">in</span><span class="w"> </span><span class="py">queries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">p</span><span class="p">:</span><span class="nc">Person</span><span class="w"> </span><span class="p">{</span><span class="py">id</span><span class="p">:</span><span class="w"> </span><span class="nv">$person_id</span><span class="p">})</span><span class="err">-</span><span class="p">[:</span><span class="nc">GRANTED</span><span class="p">]</span><span class="err">-></span><span class="p">(</span><span class="nc">c</span><span class="p">:</span><span class="nc">Consent</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">WHERE</span><span class="w"> </span><span class="py">c</span><span class="err">.</span><span class="py">purpose</span><span class="w"> </span><span class="p">=</span><span class="w"> </span><span class="err">'</span><span class="py">marketing</span><span class="err">'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">AND</span><span class="w"> </span><span class="py">c</span><span class="err">.</span><span class="py">expires_at</span><span class="w"> </span><span class="err">></span><span class="w"> </span><span class="py">current_timestamp</span><span class="p">()</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">p</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="pci-dss-compliance" class="position-relative d-flex align-items-center group">
<span>PCI DSS Compliance</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="pci-dss-compliance"
aria-haspopup="dialog"
aria-label="Share link: PCI DSS Compliance">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>For organizations handling payment card data, Geode supports PCI DSS requirements:</p>
<h4 id="requirement-2-strong-cryptography" class="position-relative d-flex align-items-center group">
<span>Requirement 2: Strong Cryptography</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="requirement-2-strong-cryptography"
aria-haspopup="dialog"
aria-label="Share link: Requirement 2: Strong Cryptography">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># PCI DSS compliant encryption</span>
</span></span><span class="line"><span class="cl">geode serve --encryption-algorithm<span class="o">=</span>aes-256-gcm <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --key-length<span class="o">=</span><span class="m">256</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tls-version<span class="o">=</span>1.3
</span></span></code></pre></div>
<h4 id="requirement-8-strong-access-control" class="position-relative d-flex align-items-center group">
<span>Requirement 8: Strong Access Control</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="requirement-8-strong-access-control"
aria-haspopup="dialog"
aria-label="Share link: Requirement 8: Strong Access Control">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># PCI DSS access controls</span>
</span></span><span class="line"><span class="cl">geode serve --password-min-length<span class="o">=</span><span class="m">15</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --password-complexity<span class="o">=</span>strict <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --mfa-required<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --session-timeout<span class="o">=</span><span class="m">900</span>
</span></span></code></pre></div>
<h4 id="requirement-10-audit-logging" class="position-relative d-flex align-items-center group">
<span>Requirement 10: Audit Logging</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="requirement-10-audit-logging"
aria-haspopup="dialog"
aria-label="Share link: Requirement 10: Audit Logging">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># PCI DSS audit requirements</span>
</span></span><span class="line"><span class="cl">geode serve --audit-log-level<span class="o">=</span>comprehensive <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-log-tamper-proof<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-retention-days<span class="o">=</span><span class="m">365</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --audit-review-frequency<span class="o">=</span>daily
</span></span></code></pre></div>
<h4 id="data-masking-for-pci" class="position-relative d-flex align-items-center group">
<span>Data Masking for PCI</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="data-masking-for-pci"
aria-haspopup="dialog"
aria-label="Share link: Data Masking for PCI">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gql" data-lang="gql"><span class="line"><span class="cl"><span class="err">--</span><span class="w"> </span><span class="py">Mask</span><span class="w"> </span><span class="py">credit</span><span class="w"> </span><span class="py">card</span><span class="w"> </span><span class="py">numbers</span><span class="w"> </span><span class="py">in</span><span class="w"> </span><span class="py">logs</span><span class="w"> </span><span class="py">and</span><span class="w"> </span><span class="py">queries</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">MATCH</span><span class="w"> </span><span class="p">(</span><span class="py">txn</span><span class="p">:</span><span class="nc">Transaction</span><span class="p">)</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="py">RETURN</span><span class="w"> </span><span class="py">txn</span><span class="err">.</span><span class="py">id</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">substring</span><span class="p">(</span><span class="py">txn</span><span class="err">.</span><span class="py">card_number</span><span class="p">,</span><span class="w"> </span><span class="py">0</span><span class="p">,</span><span class="w"> </span><span class="py">4</span><span class="p">)</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="err">'********'</span><span class="w"> </span><span class="err">+</span><span class="w"> </span><span class="py">substring</span><span class="p">(</span><span class="py">txn</span><span class="err">.</span><span class="py">card_number</span><span class="p">,</span><span class="w"> </span><span class="err">-</span><span class="py">4</span><span class="p">,</span><span class="w"> </span><span class="py">4</span><span class="p">)</span><span class="w"> </span><span class="py">AS</span><span class="w"> </span><span class="py">masked_card</span><span class="p">,</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="py">txn</span><span class="err">.</span><span class="py">amount</span><span class="err">;</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="compliance-monitoring" class="position-relative d-flex align-items-center group">
<span>Compliance Monitoring</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-monitoring"
aria-haspopup="dialog"
aria-label="Share link: Compliance Monitoring">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="automated-compliance-checks" class="position-relative d-flex align-items-center group">
<span>Automated Compliance Checks</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="automated-compliance-checks"
aria-haspopup="dialog"
aria-label="Share link: Automated Compliance Checks">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Run compliance validation</span>
</span></span><span class="line"><span class="cl">geode compliance-check --framework<span class="o">=</span>gdpr,hipaa,soc2 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --report-format<span class="o">=</span>json <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --output<span class="o">=</span>compliance-report.json
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Example output:</span>
</span></span><span class="line"><span class="cl"><span class="c1"># {</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "framework": "GDPR",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "status": "compliant",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "checks": {</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "encryption_at_rest": "pass",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "encryption_in_transit": "pass",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "audit_logging": "pass",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "data_retention": "pass",</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "access_controls": "pass"</span>
</span></span><span class="line"><span class="cl"><span class="c1"># },</span>
</span></span><span class="line"><span class="cl"><span class="c1"># "recommendations": []</span>
</span></span><span class="line"><span class="cl"><span class="c1"># }</span>
</span></span></code></pre></div>
<h4 id="compliance-reporting" class="position-relative d-flex align-items-center group">
<span>Compliance Reporting</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-reporting"
aria-haspopup="dialog"
aria-label="Share link: Compliance Reporting">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Generate compliance reports for auditors:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Generate SOC 2 compliance report</span>
</span></span><span class="line"><span class="cl">geode compliance-report --framework<span class="o">=</span>soc2 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --start-date<span class="o">=</span>2025-01-01 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --end-date<span class="o">=</span>2025-12-31 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --include-evidence<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --output<span class="o">=</span>soc2-report-2025.pdf
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Generate GDPR data processing report</span>
</span></span><span class="line"><span class="cl">geode compliance-report --framework<span class="o">=</span>gdpr <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --report-type<span class="o">=</span>processing-activities <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --include-legal-basis<span class="o">=</span><span class="nb">true</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --output<span class="o">=</span>gdpr-article-30-report.pdf
</span></span></code></pre></div>
<h3 id="best-practices" class="position-relative d-flex align-items-center group">
<span>Best Practices</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="best-practices"
aria-haspopup="dialog"
aria-label="Share link: Best Practices">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ol>
<li><strong>Defense in Depth</strong>: Implement multiple layers of security controls</li>
<li><strong>Regular Audits</strong>: Conduct periodic compliance audits and gap assessments</li>
<li><strong>Documentation</strong>: Maintain detailed documentation of security controls and processes</li>
<li><strong>Training</strong>: Ensure all users understand their compliance responsibilities</li>
<li><strong>Monitoring</strong>: Implement continuous compliance monitoring and alerting</li>
<li><strong>Incident Response</strong>: Develop and test incident response procedures</li>
<li><strong>Third-Party Risk</strong>: Assess compliance of all third-party integrations</li>
<li><strong>Data Lifecycle</strong>: Implement compliant data retention and deletion policies</li>
<li><strong>Encryption Everywhere</strong>: Encrypt data at rest, in transit, and in use</li>
<li><strong>Principle of Least Privilege</strong>: Grant minimum necessary access</li>
</ol>
<h3 id="compliance-certifications" class="position-relative d-flex align-items-center group">
<span>Compliance Certifications</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="compliance-certifications"
aria-haspopup="dialog"
aria-label="Share link: Compliance Certifications">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Geode undergoes regular third-party audits and maintains certifications:</p>
<ul>
<li><strong>SOC 2 Type II</strong>: Annual audit by independent CPA firms</li>
<li><strong>ISO 27001</strong>: Information security management certification</li>
<li><strong>FedRAMP</strong>: Authorized for US federal government use</li>
<li><strong>HIPAA</strong>: Business Associate Agreement available</li>
<li><strong>GDPR</strong>: Data Processing Agreement available</li>
</ul>
<p>Contact <a
href="mailto:[email protected]"
>[email protected]</a>
for certification documentation.</p>
<h3 id="related-topics" class="position-relative d-flex align-items-center group">
<span>Related Topics</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="related-topics"
aria-haspopup="dialog"
aria-label="Share link: Related Topics">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><a
href="/tags/audit-logging/"
>Audit Logging</a>
- Comprehensive audit logging and compliance tracking</li>
<li><a
href="/tags/row-level-security/"
>Row-Level Security</a>
- Fine-grained access control</li>
<li><a
href="/tags/encryption/"
>Encryption</a>
- Data encryption at rest and in transit</li>
<li><a
href="/tags/governance/"
>Governance</a>
- Data governance policies and enforcement</li>
<li><a
href="/tags/configuration/"
>Configuration</a>
- Security configuration best practices</li>
<li><a
href="/docs/security/overview/"
>Security Overview</a>
- Security documentation</li>
</ul>
Related Articles
Security and Compliance Guide
Configure Geode authentication and policies, enable row-level security, use TDE/FLE with KMS integration, and deploy tamper-evident audit logging
GQL Conformance Profile
ISO/IEC 39075:2024 GQL conformance profile for Geode documenting implementation-defined ordering, pagination, and diagnostics.
Fraud Detection Guide
Detect fraudulent patterns and anomalies using Geode's graph analysis capabilities
Security
Enterprise security features including encryption, authentication, authorization, and compliance for Geode
Audit Logging and Compliance
Comprehensive audit logging system in Geode with tamper-evident hash chains, RFC 5424 syslog integration, and enterprise compliance for SOX, PCI-DSS, …
Governance and Requirements Tracking
CANARY governance system for evidence-based development with 1,735+ markers tracking 2,190+ requirements across automated verification and …