Security and compliance infrastructure built for the standards insurance demands.
Trust is earned through transparency — in how data is handled, how access is controlled, how decisions are logged, and how AI operates. Every capability on this page reflects that.
Regulatory
Insurance-specific compliance.
State filing and surplus lines tax
Automated preparation and tracking to support state surplus lines tax filings and regulatory form submissions, with documentation maintained audit-ready across jurisdictions.
Regulatory reporting
Program-level regulatory reports generated on schedule and on demand — formatted for the specific requirements of each state or jurisdiction. Less manual assembly. More consistent output.
DMV and motor vehicle reporting
For auto programs, Hermes supports DMV reporting requirements where applicable — vehicle history, registration status, and program-specific reporting integrated into the platform's compliance layer.
Certifications
SOC 2 Type II
Audited controls for security, availability, and confidentiality
ISO 27001
International standard for information security management
Data Privacy
Data privacy and PII protection.
Sensitive data is handled through explicit, automated controls — not manual processes that depend on someone remembering to apply them. Sensitive fields — passwords, API keys, tokens, SSNs, and payment card data — are automatically detected and sanitized from logs and monitoring outputs. No manual redaction. No sensitive data in places it shouldn't be.
Your program logic, rate structures, and configuration are isolated from every other program on the platform by design. What makes your program yours stays yours.
Data Residency
Program data is stored and processed within the applicable region. US and Canada operate in separate, dedicated environments. For programs with specific data residency requirements, the platform's architecture supports jurisdictional separation by design — not as a workaround.
All data subject to applicable regional regulations
Access Control
Role-based access control
Every user sees and can act on only what their role requires. Access is configurable per organization, per program, and per team. Nothing is granted by default that isn't needed.
Authentication
Enterprise authentication controls with full audit logging of access events.
Audit Trail
Every action taken in the platform — every policy change, every billing event, every configuration update, every data access — is logged, timestamped, and access-controlled. Audit logs are write-protected and designed so that historical entries are not modifiable.
When a regulator or auditor asks what happened, when, and why — the answer is in the log. Retrievable immediately. Not reconstructed from memory. Not buried in a spreadsheet.
AI Governance
Explainability
Every AI-influenced decision — risk scoring, anomaly flagging, workflow routing — has a documented basis. Your team, your carriers, and your regulators can see the reasoning.
Human oversight
AI in the platform augments decisions. Where a decision requires human approval, that approval is enforced in the workflow. AI assists. People sign off.
Program-level AI separation
AI operates on your program data for your program's benefit. It does not draw on data from other programs on the platform. What informs your program is specific to your program.
For Every Team
What this means for your teams.
Your legal and compliance team
SOC 2, data residency controls, PII sanitization, and a complete audit trail — everything needed to demonstrate compliance to carriers, reinsurers, and regulators. Built in, not assembled from separate tools.
Your leadership team
An AI-native platform with explainability, human oversight, and data separation built into how it operates. You can use it with confidence. You can explain it to anyone who asks.
We operate under the same compliance requirements you do.
Our programs run on this platform. Our auditors rely on the same audit trail. Our data is subject to the same residency controls. Our compliance team has signed off on how the platform handles PII. We didn't build this to satisfy a customer requirement. We built it because we needed it ourselves — and because we couldn't afford for it to fail.