New 2026 HIPAA Security Rule requirements are now in effect. Get the free compliance guide →
Canada's Compliance Platform HIPAA · ITSG-33 · SOC-2

Compliance.
Automated.
Audit-Ready.

Iron Fort replaces manual compliance spreadsheets, expensive consultants, and annual checkbox reviews with a continuous, automated platform built for Canadian government, healthcare, and SaaS teams.

Book a Free Strategy Call Free Resources
Available on AWS Marketplace
RFSA / SLSA Eligible
No long-term contract required

Free · No Obligation

Book Your Strategy Call

Tell us about your compliance needs and we'll match you with the right solution in 30 minutes.

Your info is never sold or shared.

$2.3M
Max HIPAA Fine / Incident
73%
Faster Audit Prep
100+
Controls Automated
Weeks
Not Months to Compliance

Trusted Procurement Channels

AWS MARKETPLACE

GOV. OF CANADA · RFSA

TBIPS · CSPV · PROSERVICES

SLSA · SOFTWARE LICENSING

Solutions

One Platform. Every Framework.

Whether you're a healthcare organization, a government agency, or a growth-stage SaaS startup, Iron Fort has a purpose-built compliance path for you.

Most Popular

HIPAA Compliance

Real-time monitoring of all HIPAA safeguards — encryption, MFA, access logs, and BAA tracking — purpose-built for healthcare organizations and their business associates.

  • Live safeguard monitoring
  • AI Policy Review
  • OCR audit workflows
  • Breach response playbooks
Book HIPAA Demo → Learn More →
Canada

ITSG-33 (Canada)

Purpose-built for federal, provincial, and municipal government. Automates SA&A processes, control selection, evidence collection, and Protected A/B profile compliance.

  • Automated SA&A readiness
  • Protected A & B profiles
  • Power BI dashboards
  • RFSA / SLSA eligible
Book ITSG-33 Demo → Learn More →

SOC-2 for SaaS

Fast-track your SaaS platform to SOC-2 certification in weeks, not months. Pre-built controls, guided evidence collection, and startup-friendly pricing through AWS Marketplace.

  • Pre-mapped SOC-2 controls
  • Cloud-native integrations
  • AWS FTR ready
  • Audit-ready documentation
Book SaaS Demo → Learn More →

Audit & Assessment Firms

Give your consulting practice a live, portfolio-wide compliance monitoring tool that converts one-time assessments into trackable programs. Impress clients. Close more engagements.

Learn More →
Continuous Monitoring

Automated Scans Across
Your Entire Stack

Iron Fort connects to your cloud infrastructure, identity providers, and DevOps tooling — running 24/7 compliance checks and surfacing drift before it becomes an audit finding.

AWS

Amazon Web Services

S3 bucket policies, IAM roles, CloudTrail logging, VPC security groups, and encryption-at-rest checks.

Google Cloud

GCS bucket ACLs, IAM bindings, Cloud Audit Logs, Compute firewall rules, and KMS key rotation.

Microsoft Azure

Entra ID MFA enforcement, Storage Account public access, NSG rules, Key Vault access policies, and Defender alerts.

Microsoft 365

Conditional access policies, external sharing settings, DLP rules, audit log retention, and Teams data residency.

GitHub

Branch protection rules, secret scanning, dependency alerts, org SSO enforcement, and repo visibility controls.

Azure DevOps

Pipeline security policies, artifact feed permissions, board access controls, and audit stream configuration.

All integrations use read-only API access — no agents to install, no firewall changes required. Ask about custom connectors →

How It Works

From First Call to
Audit-Ready in Weeks

No 6-month consultant engagements. No spreadsheet fire drills. Iron Fort gets you compliant fast — and keeps you there continuously.

1

Book a Free Strategy Call

30 minutes with a compliance expert. We map your current state, identify your highest-risk gaps, and recommend the fastest path to compliance.

2

Deploy & Connect Your Environment

Connect Iron Fort to your AWS, Azure, GCP, or on-premises infrastructure. Pre-built integrations get you live in hours, not weeks.

3

Automated Continuous Monitoring

Iron Fort runs 24/7, monitoring every safeguard, collecting evidence, and alerting you to gaps before they become violations or audit findings.

4

Walk Into Every Audit Confident

Generate complete audit packages with one click. All evidence, all policies, all documentation — organized, timestamped, and audit-ready.

Step 1 Starts Here

Request Your Free
Compliance Assessment

Get a personalized gap report and compliance roadmap — free, no strings attached.

Get My Free Assessment →

Free HIPAA Readiness Checklist

A 47-point checklist used by compliance teams across 200+ healthcare organizations.

Download Free →
Platform Features

Everything You Need.
Nothing You Don't.

Iron Fort is purpose-built for compliance — not a generic GRC tool bolted onto a spreadsheet.

Live Monitoring

Real-time checks on encryption, MFA, access controls, and backup policies across all environments.

Evidence Tracker

Centralized, timestamped evidence collection that feeds directly into your audit package.

AI Risk Analyzer

Continuously scores your controls by severity, surfaces critical gaps, and generates a prioritized remediation roadmap.

New

AI Policy Review

Upload existing policies and get a line-by-line analysis against HIPAA, ITSG-33, or SOC-2 — gaps flagged before your auditor finds them.

New

BAA Tracker

Manage all Business Associate Agreements in one place with expiry alerts and completeness scoring.

Training Logs

Track workforce compliance training and attestations — searchable, exportable, audit-ready.

Breach Response

Built-in HIPAA-compliant incident response workflows with notification timelines and documentation.

Power BI Dashboards

Custom analytics dashboards for compliance leaders who need executive-level reporting.

Client Results

What Our Clients Say

Iron Fort replaced three months of consultant work. We walked into our OCR audit with a complete evidence package generated in under an hour.
MR
M. Richardson
CISO · Regional Health Network
The ITSG-33 automation cut our SA&A prep time in half. Our team can now manage twice the client load without adding headcount.
JT
J. Tran
Director of Compliance · Federal Agency
As a startup founder, compliance used to feel impossible. Iron Fort got us SOC-2 ready in six weeks and helped us close our first enterprise deal.
SP
S. Patel
CEO · HealthTech SaaS Startup
Pricing

HIPAA & SOC 2 Plans

Transparent, public pricing for health tech and SaaS companies. No sales call required to get started.

Monthly Annual Save up to 17%
Founder
Pre-seed · Solo founder · First framework
$299 /mo
Billed $3,588/year
  • 1 user
  • 1 framework — HIPAA or SOC 2
  • Core controls library
  • Policy templates
  • Evidence vault (basic)
  • Auditor Report
  • Vendor risk
  • Dual-framework coverage
Async expert access — HIPAA & SOC 2 specialist responds within 2 business days
Start Free Trial →

30-day free trial · No credit card

Startup
Pre-Series A · Growing team · Single framework
$649 /mo
Billed $7,788/year
  • 5 users
  • 1 framework — HIPAA or SOC 2
  • Full controls library + monitoring
  • Auditor Report
  • BAA management or Trust Page
  • Vendor risk — basic
  • Dual-framework coverage
  • Dedicated CSM
Monthly group office hours with a live HIPAA / SOC 2 expert + async within 1 BD
Start Free Trial →

30-day free trial · No credit card

MOST POPULAR
Health SaaS
HIPAA + SOC 2 · Close enterprise deals · Dual-framework
$1,099 /mo
Billed $13,188/year
  • 10 users
  • HIPAA + SOC 2 — unified controls
  • Overlapping controls count once
  • Auditor Report
  • BAA management + Trust Page
  • Vendor risk — full
  • Dedicated onboarding
  • 2026 HIPAA NPRM ready
Monthly 1:1 expert call (60 min) covering HIPAA & SOC 2 + same-day async
Start Free Trial →

14-day free trial · No credit card

Growth
Series A+ · HIPAA & SOC 2 · Named advisor
$1,499 /mo
Billed $17,988/year
  • 25 users
  • HIPAA + SOC 2 — full platform
  • Custom Auditor Report
  • Vendor risk — full
  • 2026 HIPAA NPRM module
  • Dedicated CSM
  • SLA-backed support
  • Custom integrations
Bi-weekly 1:1 expert calls + named compliance advisor assigned to your account
Book a Demo →

Demo + 14-day trial included

All plans available on AWS Marketplace with consolidated billing — use your existing AWS credits toward your compliance program.

Try Free with AWS Buy with AWS
Canadian Government

ITSG-33 SA&A Automation

Purpose-built for federal, provincial, and municipal programs. Scoped to the complexity of your SA&A engagement — not priced per seat.

Available through

GOV. OF CANADA · RFSA SLSA TBIPS CSPV PROSERVICES AWS MARKETPLACE

Automated SA&A Readiness

ITSG-33 Annex 3 control selection, gap analysis, and evidence collection — automated across your full system scope.

Protected A & B Profiles

Pre-configured control baselines for Unclassified, Protected A, and Protected B classification levels.

Canada

Bilingual Documentation

All SA&A documentation, reports, and policy templates delivered in both English and French.

GC Cloud Guardrails

Aligned to Treasury Board's 12 GC Cloud Guardrails for departments migrating workloads to public cloud.

Executive Dashboards

Power BI-integrated compliance dashboards for CIO and CISO reporting to departmental leadership.

Custom Auditor Report

Tailored SA&A audit reports formatted to departmental requirements with full evidence traceability.

Engagement Pricing

Scoped to your program

Every SA&A engagement is different. Pricing is based on number of systems in scope, classification level, and program complexity — not per-user seat counts.

Every engagement includes

  • Dedicated SA&A compliance advisor
  • Unlimited platform users
  • Bilingual documentation (EN / FR)
  • Custom Auditor Report
  • RFSA / SLSA procurement support
  • Power BI executive dashboards
Request a Proposal → Book a Demo

RFSA · SLSA · TBIPS · CSPV eligible

AWS Qualified Software

Deploy Through AWS Marketplace

Use your existing AWS account to subscribe, bill, and manage Iron Fort — no new vendor relationship, no separate invoice.

Eligible procurement vehicles

AWS MARKETPLACE GOV. OF CANADA · RFSA SLSA AWS FTR CERTIFIED

Consolidated Billing

Iron Fort charges appear on your existing AWS invoice. One bill, one vendor relationship — no new accounts to set up.

Use Your AWS Credits

Apply existing AWS Marketplace credits or committed spend directly toward your Iron Fort subscription — dollar for dollar.

AWS FTR Certified

Iron Fort is AWS Foundational Technical Review certified — the fastest compliance path for organizations pursuing AWS ISV partnership.

RFSA / SLSA Eligible

Canadian federal departments and agencies can procure Iron Fort via AWS Marketplace under existing RFSA and SLSA procurement vehicles.

Enterprise-Ready in Minutes

Subscribe on AWS Marketplace and Iron Fort activates immediately — no procurement delays, no lengthy onboarding paperwork.

Free Trial Included

Start with a free trial through AWS Marketplace — no credit card required, cancel anytime. Full platform access from day one.

AWS Marketplace Plans

Founder $299/mo
Startup $649/mo
Health SaaS $1,099/mo
Growth $1,499/mo
Enterprise Custom

Annual billing · Free trial on all plans

Try Free on AWS Marketplace Buy with AWS

No credit card · Cancel anytime

Get Started Today

Stop Reacting to Compliance.
Start Owning It.

Book a free 30-minute strategy call. Walk away with a personalized compliance roadmap — no obligation, no sales pressure.

Book My Free Strategy Call Browse Free Resources

Available on AWS Marketplace · RFSA Eligible · No credit card required for trial