One page for procurement, legal, and CISO teams evaluating BetaQuick for a government AI deployment. Every framework we build against, every identifier you need for vendor onboarding, and the request mechanism for full documentation.
541511 · 541512 · 541519 · 518210 · 541330 · 561422 · 611420
BetaQuick's architecture is built against the FedRAMP Moderate control baseline - NIST 800-53 controls covering confidentiality, integrity, and availability for federal systems handling PII, PHI, and sensitive-but-unclassified data. Built on FedRAMP-authorized AWS and Azure. Contact center via Amazon Connect (FedRAMP High). LLM inference via Azure OpenAI Service (FedRAMP High). Transcription via AWS Transcribe and Azure Speech Services (both FedRAMP).
StateRAMP is the SLED-government equivalent of FedRAMP, rebranding to GovRAMP. BetaQuick's FedRAMP Moderate alignment qualifies for StateRAMP Fast Track reciprocity. SOC 2 Type II practices layered on top.
Business Associate Agreement in place with customers, plus downstream BAAs with cloud, LLM, transcription, SMS, and payment sub-processors. End-to-end encryption of PHI at rest and in transit. Role-based access control with full audit logging. Aligned with NIST 800-53 and FedRAMP security controls.
Minimum Acceptable Risk Standards for Exchanges - CMS's flavor of NIST 800-53 for state Medicaid and exchange systems. Moderate controls for Medicaid member services deployments.
VA's information security framework layered on NIST 800-53. AI deployments on VA workloads pursue Authority to Operate (ATO) through VA channels. Full call recording and decision logging retained per VA records management requirements. Crisis routing to Veterans Crisis Line (988) built into escalation protocols.
For deployments touching criminal justice information - non-emergency dispatch triage, agency records interaction - CJIS Security Policy controls for data handling, access, personnel screening, and audit.
USDOL's confidentiality rule for unemployment insurance data. Claimant data handling, use limitations, disclosure controls, and state-specific confidentiality statutes supported.
Federal confidentiality rule for substance use disorder records. Required for state and tribal behavioral health programs. Consent-based disclosure, re-disclosure prohibition, and auditing.
For UI and benefit programs handling federal tax information. Additional safeguards, background checks, and audit requirements on top of NIST 800-53.
AI voice agents accessible to citizens with hearing, speech, and cognitive differences. TTY routing, video relay support, slowed-speech mode, extended response timing. Past performance: SSA DCPS Modernization Section 508-compliant UI components (2016–2021).
ACA language access satisfied through native multilingual coverage - English, Spanish, and 60+ languages. No language-line vendor handoff. Every interaction logged in source language and English.
For IHS and 638 tribal deployments, adaptation to tribe-specific data governance - on-reservation residency, tribe-specific consent, custom retention and audit rights.
NIST AI Risk Management Framework - Map, Measure, Manage, Govern functions. Controls for AI impact assessments, model supply-chain disclosure, human-in-the-loop oversight, decision explainability.
OMB guidance on federal AI use - AI impact assessments, risk categorization, pre-deployment review. Documentation prepared alongside FedRAMP authorization package.
All call content, transcripts, customer records, and AI inference processed and stored inside US-based FedRAMP-authorized cloud regions. No offshore handoff.
Monthly vulnerability scans, quarterly reporting, annual 3PAO reassessment cadence. POA&M tracking. Incident response SLA. Breach notification per state-specific and federal requirements.
Capability statement, sub-processor list, BAA templates, authorization package references, past performance write-ups - all available on request.
Schedule a Call Request Documentation