Resgrid Trust & Security
Your security is very important to us! Here is a summary of what we do every day to guarantee that your data is safe with Resgrid
Secure Hardware
Resgrid operates on a multi-cloud infrastructure and uses ISO 27001 certified data center facilities and relies on the data center providers for physical access control matters.
Encryption
Communications between the client and our sites or APIs are using 256-bit TLS encryption. All data at rest is encrypted with AES-256.
Reliability
Resgrid is built using a modern technology stack that embraces business continuity in multiple layers. Current system availability is more than 99.9% and current availability is on our System Status page.
Roles, Permissions & Identity
Resgrid uses role-based security architecture and requires users to be identified and authenticated prior to use. Departments can configure custom roles and permissions. Enterprise features include Single Sign-On (SSO) via SAML/OIDC, SCIM automated user provisioning, and two-factor authentication (2FA) via TOTP for an added layer of protection.
Audit Logs
Resgrid maintains system level (visible by us) and application level (visible by you) audit logs. These logs track system and user activity and are available within the application. Enterprise and government customers can retain audit history for up to 7 years to meet stringent regulatory and compliance requirements.
Change management
Our change management process is documented and regularly audited. We track individual changes all the way to production. We have several stages of code review and quality assurance before changes are implemented in production.
AI & Chatbot Security
Your Data Never Leaves Resgrid
Resgrid's AI-powered chatbot and natural language understanding engine are built with a security-first architecture. All AI processing — from intent classification to entity extraction to conversation management — runs locally on Resgrid infrastructure. We do not route your dispatch data through external cloud AI providers. Period.
Local ML.NET Processing
Resgrid's primary NLU engine runs entirely on-premises using ML.NET — Microsoft's open-source machine learning framework. Intent classification, entity extraction, and conversation processing happen on Resgrid servers with zero external network calls. No data leaves your infrastructure.
Private Model Inference
When advanced natural language understanding is required beyond keyword matching, Resgrid uses a private model that runs internally on our own infrastructure. This is not a cloud LLM API call — it is a self-hosted model with no dependency on OpenAI, Azure, Anthropic, or any third-party AI provider.
Zero Data Exfiltration
No prompts, user messages, chatbot responses, or operational data ever leave Resgrid systems. Unlike AI features in competing platforms that route sensitive dispatch data through external cloud LLM providers, Resgrid processes everything within its own security boundary — always.
Department-Isolated Models
Each department's custom vocabulary — unit names, personnel names, custom statuses, station designations — is indexed and learned locally. NLU models are trained and served per-department, ensuring no cross-tenant data leakage and full customization without external dependencies.
Air-Gap Capable
Because the AI stack runs entirely on local infrastructure, Resgrid's chatbot and NLU capabilities work in fully air-gapped environments. Government agencies, military installations, and security-sensitive organizations can deploy Resgrid with no internet connectivity and retain full AI functionality.
Full Audit Trail
Every chatbot interaction — inbound messages, classified intents, actions taken, and outbound responses — is logged in the audit trail with timestamps, user identity, and platform metadata. Administrators have complete visibility into what the AI system processed and what actions it performed.
Resgrid is open source — you can audit our AI and NLU code yourself on GitHub. No obfuscated model calls. No hidden API endpoints. Full transparency.
Enterprise & Government
Built for Enterprise & Government Security Requirements
Resgrid provides the advanced security, identity management, and deployment flexibility that enterprise organizations and government agencies demand. From centralized authentication to on-premises hosting, Resgrid is ready to meet the most rigorous security and compliance standards.
Single Sign-On (SSO)
Integrate Resgrid with your organization's identity provider using SAML 2.0 or OpenID Connect. Enforce consistent authentication policies across your entire workforce and simplify user access management.
SCIM User Provisioning
Automate user lifecycle management with SCIM 2.0 support. Automatically provision and deprovision user accounts, sync group memberships, and ensure your Resgrid roster stays in sync with your directory.
Two-Factor Authentication (TOTP)
Add an extra layer of security with time-based one-time password (TOTP) two-factor authentication. Compatible with standard authenticator apps like Google Authenticator, Microsoft Authenticator, and Authy.
Up to 7-Year Audit History
Maintain comprehensive audit trails for up to 7 years to satisfy even the most stringent regulatory and compliance requirements. Full visibility into user activity, configuration changes, and system events.
Self-Hosted & On-Premises Deployment
Run Resgrid on your own infrastructure — in your own data center, private cloud, or air-gapped environment. Maintain full control over your data, meet data sovereignty requirements, and comply with any regulatory mandate.
Hardened Docker Images
Resgrid uses CIS compliant hardened Docker images for all containerized deployments. FIPS and STIG compliant images running in nonroot mode are available for a yearly fee — contact us for pricing and access.
Regulatory & Compliance Ready
Whether you need to meet CJIS, FedRAMP, ITAR, or other government and industry-specific compliance frameworks, Resgrid's flexible deployment and enterprise security features give you the foundation to satisfy any regulatory need.
Need a custom deployment or have specific compliance requirements? Contact our team to discuss how Resgrid can be tailored to your organization's security posture and regulatory obligations.
Certifications
Resgrid is always working toward certifications to help our customers meet their compliance needs. We are currently working on the following certifications:
Resgrid uses TrustCloud to help us manage our certifications and compliance. You can view our TrustCloud profile for more information and check out TrustCloud.ai if your looking for a GRC solution. Once we achieve our certifications we will post them here and update the images above to be the "certified" badges.
Security Through Community
Resgrid is open source software that anyone can download and run, audit and contribute to. Resgrid being open source means there are more eyes looking at our code to spot vulnerabilities. We also have a public security disclosures page.
