About Iron Fort

HIPAA compliance is no longer a once-a-year checklist.

Too many healthcare organizations rely on outdated self-assessments, manual risk analyses, and patchwork BAAs that don't hold up when OCR comes knocking. We’re here to fix that.

The Vision

Born from the frustration of reactive compliance

Before Iron Fort, HIPAA compliance was often:

  • A once-a-year spreadsheet or templated “risk assessment”

  • Written policies that no one reviewed—or enforced

  • Vendor BAAs missing key language or responsibilities

  • A mad scramble for evidence during an audit or legal threat

We saw a better way. Iron Fort replaces static documentation and after-the-fact remediation with an integrated platform that automates your safeguards, monitors your posture in real time, and gives teams the ability to prove—not just claim—HIPAA compliance at any moment.

Our Culture & Team

Elite Force, Global Mission

We’ve assembled a distributed team of cybersecurity strategists, compliance architects, and DevSecOps specialists — trained across borders, industries, and sectors — and unified under a single purpose:

To defend the systems that power nations, enterprises, and innovators.

We operate like a mission unit: clear roles, tactical execution, and zero wasted motion. Built in Canada, shaped by global defense norms, and guided by our founder’s vision to eliminate inefficiency across every layer of compliance.

The Iron Fort Platform

Built for the reality of modern healthcare

Whether you're a growing medical practice, a digital health startup, or a multi-site hospital system, HIPAA compliance isn’t getting simpler. With enforcement ramping up, malpractice lawsuits increasingly citing gaps in safeguards, and more vendors handling PHI than ever before, you can’t afford blind spots.

Iron Fort helps you:

  • Know where you stand in real time

  • Fix what’s broken before OCR or lawyers find it

  • Document what matters without drowning in paperwork

  • Hold vendors accountable with strong BAAs and visibility

Why Organizations Trust Us

One purpose-built platform. Built only for HIPAA.

Unlike generic GRC tools, Iron Fort focuses 100% on the evolving landscape of HIPAA, NIST 800-66, and HITRUST, ensuring your program is aligned with current enforcement expectations.

Our platform includes:

  • Policy Analyzer

    Instantly assesses the quality, completeness, and compliance of your HIPAA documentation, with AI-powered feedback and remediation guidance mapped to OCR requests.

  • BAA Evaluator

    Rapidly reviews your Business Associate Agreements to surface missing elements like breach responsibilities, subcontractor obligations, and termination clauses.

  • Technical Safeguard Validation

    Automates validation of required controls—like access logs, MFA, encryption, and backups—across cloud services and internal infrastructure.

  • Live Compliance Dashboard

    Real-time views of your current posture across all HIPAA safeguards—administrative, physical, and technical.

  • Built-in OCR Audit Prep

    Structured workflows to guide your team through risk assessments, remediation plans, evidence collection, and documentation for any investigation.

  • AI-Driven Automation (coming soon)

    Eliminate the manual burden of assembling risk reports and compliance evidence.

Built for the Battlefield of Regulation

Ready to stop guessing where you stand?

Get a free HIPAA policy scorecard or book a 30-minute readiness demo
to see how Iron Fort helps you shift from reactive to resilient.

Meet Our Dynamic Team Members, Who Really Care

Sam McNaull

Founder & CEO

Fahad Jawaid

Co-Founder & CTO

Tarek Bari

Staff Engineer

Renilda De Dios

Customer Success

Jiu Axl Tabilla

Product Engineer

Papan Sarkar

Staff Engineer

Ali Bacelonia

Product Engineer

Jenrose Rabor

Product Support

Vince Vincent Maquilang

Jr. Product Engineer

Strategic: Board of Advisors

Mitch Carkner

Advisory Board

Stephen Reinhar

Advisory Board