IR-OS gives the Global CISO a unified command view across every subsidiary, region, and operating company — while each business unit keeps day-to-day autonomy. Powered by a private IR Brain trained on your own tabletops, AARs, and incident history. Built for NERC CIP, TSA, CIRCIA, DORA, and every other regulator you can't afford to get wrong.
Most CIRM platforms were built for a single tenant. IR-OS was built for the Fortune 500 CISO who has six business units, four insurance panels, three legal jurisdictions, and one board that wants a unified view.
Each BU runs its own IRC teams, incidents, and tabletops under its own jurisdictions. The parent sees a unified view for board reporting, regulatory aggregation, and cross-BU threat correlation. Shared policies cascade down. Private evidence stays local.
When a threat actor lateral-moves across your business units, you end up with four incident commanders arguing about authority while the clock runs. IR-OS was designed from the ground up to solve exactly this.
"My board wants 'one view' of cyber readiness across all our business units and I can't give it to them today. Each BU has its own IR team, its own lawyer, its own insurer. When a threat actor lateral-moves across BUs, I have four incident commanders arguing about who's in charge. That can't happen at our scale."
Parent tenant for the Global CISO with read access across every BU. Each BU runs its own incidents, tabletops, and IRC rosters under its own RLS boundary. Evidence stays where regulators expect it; reporting rolls up automatically.
Okta, Azure AD, Ping Identity, OneLogin, Google Workspace. Auto-provision and deprovision users via SCIM. Enforce MFA, session policies, and least-privilege role mappings at enterprise scale. Your identity team owns IR-OS access the same way they own everything else.
Your own historical incidents, tabletops, and AARs ingested into a private pgvector corpus on top of the public IR Brain (NIST, ISO 27035, SEC, GDPR, CISA, MITRE). Every AI suggestion is grounded in your organization's own hard-won history. No model training — retrieval only, your data stays yours.
If you run generation, transmission, distribution, pipelines, rail, water, or any other covered critical infrastructure, your regulatory surface is larger than any single framework. IR-OS ships with compliance mapping for every one of them.
"OT/IT convergence means incidents now span SCADA and corporate networks. My regulatory matrix is NERC CIP-008-6, TSA SD02C, five state PUCs, CIRCIA 72-hour, DHS. Any incident triggers six regulators in parallel and I have to prove 'we followed our documented plan' to auditors. Last audit we couldn't because the plan was in a shared drive."
SCADA, DCS, PLC, historian, HMI — IR-OS ships with OT-specific incident playbooks mapped to NERC CIP-008-6 and TSA SD02C. The IRC Recommender understands the difference between OT and IT roles and routes accordingly.
Every action is recorded in a SHA-256 hash-chained ledger with attribution, timestamp, and cryptographic integrity. Export a complete audit package — timeline, decisions, notifications, evidence — in the format your auditor expects.
Inbound webhooks from your SOC stack and outbound event mirroring so your SIEM has a record of every IR-OS decision. Correlate incidents across OT and IT without duplicating data stores.
Geographic region-specific IRC rosters with region-appropriate authorities and state-law mappings. Your Midwest operating company runs its incident under Midwest rules while the parent sees the unified view.
Fortune 500 CISOs and critical infrastructure VPs don't buy IR-OS for novelty. They buy it because the drudgery at enterprise scale is ten times worse — and so are the consequences.
Three plans — Squad, Command, and Theater — all on one unified pricing page. Large and complex organizations land on Theater, which includes the multi-BU parent hierarchy, private IR Brain corpus, SSO/SAML/SCIM, and dedicated CSM.
Procurement-friendly. Published MSA, standard DPA, SOC 2 Type II report under NDA, pre-answered security questionnaire. 30-day pilot for qualified organizations. No 6-month sales dance.
Volume-based multi-BU pricing · GSA and cooperative purchasing options · FedRAMP Moderate roadmap on request.
During onboarding, you provide IR-OS with your historical tabletops, after-action reviews, incident records, and any other IR documentation you want the AI to learn from. We ingest it into a pgvector-backed private corpus scoped to your tenant only. Every AI suggestion in your environment retrieves from your private corpus first, then the public IR Brain (NIST, ISO 27035, SEC, GDPR, CISA, MITRE) as fallback. No model training — retrieval augmentation only. Your data stays yours, never goes to OpenAI/Anthropic for training, and can be deleted on request.
IR-OS is in the FedRAMP Moderate Ready phase. Our underlying infrastructure (Cloudflare, Supabase) is FedRAMP-authorized. Contact [email protected] for the current detailed roadmap under NDA — we can typically share a target authorization date and our sponsoring agency.
Each business unit is its own tenant with row-level security enforcement at the database level. Users belong to a BU and can only see their BU's incidents, IRCs, and evidence. Parent tenants (Global CISO) have explicit read-only policies granting cross-BU visibility for aggregated reporting — no BU's private evidence is exposed to another BU. The architecture is designed for M&A scenarios, divestitures, and carve-outs: a BU can be moved between parents or become its own parent with full data portability.
Not today. IR-OS is a multi-tenant SaaS running on Cloudflare Workers + Supabase. For enterprise customers who need in-region data residency or single-tenant isolation, we offer a dedicated single-tenant deployment option on AWS GovCloud or Azure Gov with a longer-term commit. Contact [email protected] to discuss.
IR-OS runs on SOC 2 Type II certified infrastructure (Supabase + Cloudflare). IR-OS's own SOC 2 Type II audit is in progress with completion targeted for Q3 2026. ISO 27001 is on the 2027 roadmap. Enterprise customers can receive a letter of engagement from our auditors under NDA and our pre-answered CAIQ / SIG security questionnaire on request.
We publish a standard MSA, a GDPR-compliant DPA, and a HIPAA BAA. All three are available on request before you start the trial, so your legal team can review in parallel with your technical evaluation. Our enterprise procurement cycle is typically 30–45 days from first call to signed contract.
Unify incident command across every business unit, every jurisdiction, every clock. Let AI run the room while your practitioners run the response.