In Progress
SOC 2 Type II
Service Organization Control audit for security, availability, and confidentiality
The business needs OT data. Security says no to data movement. OT won't give IT access to their systems. Sound familiar? Conduit solves this impossible triangle.
Traditional approaches force you to choose between business value and security. Conduit eliminates the trade-off.
| Challenge | Traditional Approach | With Conduit |
|---|---|---|
| Business wants access to OT data for analytics | Build data lake, spend 18 months on ETL pipelines | Query data in place, deliver value in weeks |
| Security team concerned about OT network exposure | Complex DMZ architecture, months of security reviews | Read-only translators, no inbound connections to OT |
| Compliance requires data residency | Expensive regional data centers and replication | Data never moves, automatic compliance |
| OT team resists IT-driven initiatives | Years of organizational friction | OT keeps control, IT gets access—both win |
Built from the ground up for enterprise security requirements.
OT data never leaves OT networks. Queries execute at the edge and only results are returned. No data lakes, no replication, no governance nightmares.
Conduit connects to source systems with read-only credentials. There's no possibility of writes affecting production systems.
Every query is logged with user identity, timestamp, systems accessed, and data returned. Export to your SIEM for compliance reporting.
Every request is authenticated and authorized. Fine-grained RBAC controls who can access what data down to the tag level.
Questions route through organizational hierarchy with AI mediation at each level. No more telephone game - intent is tracked and preserved as information flows.
Every conversation is isolated at the thread level. Data expires after 30 days while abstract context persists, ensuring compliance without losing organizational knowledge.
Data stays in OT. Only query results cross the boundary.
React 18 + TypeScript. Query interface, UNS browser, data explorer.
Fastify REST API. JWT auth, RBAC, rate limiting.
DAG-based execution planner. Partial results, Redis caching.
Dynamic namespace resolution. Tag proposals, source bindings.
PostgreSQL + pgvector + DuckDB. Multi-source correlation.
Manages translator instances, federation links, and tool aggregation.
Conduit's architecture simplifies compliance by eliminating data movement and providing complete audit trails.
Service Organization Control audit for security, availability, and confidentiality
Information security management system certification
General Data Protection Regulation compliance — architecture designed for GDPR, formal certification in progress
Critical Infrastructure Protection standards for energy sector — designed for compatibility, validation in progress
Schedule a technical review with our security team. We'll walk through the architecture, deployment options, and compliance considerations.