IR-OS gives the Global CISO a unified command view across every subsidiary, region, and operating company — while each business unit keeps day-to-day autonomy. Powered by a private IR Brain trained on your own tabletops, AARs, and incident history. Built for SEC Item 1.05 public-company disclosure, NERC CIP, TSA, CIRCIA, DORA, and every other regulator you can't afford to get wrong.
Most CIRM platforms were built for a single tenant. IR-OS was built for the Fortune 500 CISO who has six business units, four insurance panels, three legal jurisdictions, and one board that wants a unified view.
Each BU runs its own IRC teams, incidents, and tabletops under its own jurisdictions. The parent sees a unified view for board reporting, regulatory aggregation, and cross-BU threat correlation. Shared policies cascade down. Private evidence stays local.
When a threat actor moves laterally across your business units, you end up with four incident commanders arguing about authority while the SEC Item 1.05 clock runs. IR-OS was designed from the ground up to solve exactly this.
"We're a public company so SEC Item 1.05 four-business-day disclosure applies the moment my disclosure committee determines materiality. My board wants 'one view' of cyber readiness across all six business units and I can't give it to them today. When a threat actor lateral-moves across BUs, I have four incident commanders arguing about who's in charge while the clock runs. That can't happen at our scale."
For public registrants: the 4-business-day clock auto-starts from the moment your disclosure committee determines materiality. Every decision is timestamped in the hash-chained ledger. Legal, CFO, CISO, IR head, and Comms route through a pre-defined disclosure committee workflow with AI-drafted 8-K language and a regulator-ready audit trail.
Parent tenant for the Global CISO with read access across every BU. Each BU runs its own incidents, tabletops, and IRC rosters under its own RLS boundary. Evidence stays where regulators expect it; reporting rolls up automatically.
Okta, Azure AD, Ping Identity, OneLogin, Google Workspace. Auto-provision and deprovision users via SCIM. Enforce MFA, session policies, and least-privilege role mappings at enterprise scale. Your identity team owns IR-OS access the same way they own everything else.
Your own historical incidents, tabletops, and AARs ingested into a private pgvector corpus on top of the public IR Brain (NIST, ISO 27035, SEC, GDPR, CISA, MITRE). Every AI suggestion is grounded in your organization's own hard-won history. No model training — retrieval only, your data stays yours.
If you run generation, transmission, distribution, pipelines, rail, water, or any other covered critical infrastructure, your regulatory surface is larger than any single framework. IR-OS ships with compliance mapping for every one of them.
"OT/IT convergence means incidents now span SCADA and corporate networks. My regulatory matrix is NERC CIP-008-6, TSA SD02C, five state PUCs, CIRCIA 72-hour, DHS. Any incident triggers six regulators in parallel and I have to prove 'we followed our documented plan' to auditors. Last audit we couldn't because the plan was in a shared drive."
SCADA, DCS, PLC, historian, HMI — IR-OS ships with OT-specific incident playbooks mapped to NERC CIP-008-6 and TSA SD02C. The IRC Recommender understands the difference between OT and IT roles and routes accordingly.
Every action is recorded in a SHA-256 hash-chained ledger with attribution, timestamp, and cryptographic integrity. Export a complete audit package — timeline, decisions, notifications, evidence — in the format your auditor expects.
Inbound webhooks from your SOC stack and outbound event mirroring so your SIEM has a record of every IR-OS decision. Correlate incidents across OT and IT without duplicating data stores.
Geographic region-specific IRC rosters with region-appropriate authorities and state-law mappings. Your Midwest operating company runs its incident under Midwest rules while the parent sees the unified view.
Fortune 500 CISOs and critical infrastructure VPs don't buy IR-OS for novelty. They buy it because the drudgery at enterprise scale is ten times worse — and so are the consequences.
Transparent starting price, custom annual contracts. Procurement-friendly: published MSA available, standard DPA, SOC 2 Type II report under NDA, security questionnaire pre-answered. No 6-month sales dance.
Pre-answered security questionnaire · standard MSA available · 30-day pilot for qualified enterprises.
During onboarding, you provide IR-OS with your historical tabletops, after-action reviews, incident records, and any other IR documentation you want the AI to learn from. We ingest it into a pgvector-backed private corpus scoped to your tenant only. Every AI suggestion in your environment retrieves from your private corpus first, then the public IR Brain (NIST, ISO 27035, SEC, GDPR, CISA, MITRE) as fallback. No model training — retrieval augmentation only. Your data stays yours, never goes to OpenAI/Anthropic for training, and can be deleted on request.
IR-OS is in the FedRAMP Moderate Ready phase. Our underlying infrastructure (Cloudflare, Supabase) is FedRAMP-authorized. Contact [email protected] for the current detailed roadmap under NDA — we can typically share a target authorization date and our sponsoring agency.
Each business unit is its own tenant with row-level security enforcement at the database level. Users belong to a BU and can only see their BU's incidents, IRCs, and evidence. Parent tenants (Global CISO) have explicit read-only policies granting cross-BU visibility for aggregated reporting — no BU's private evidence is exposed to another BU. The architecture is designed for M&A scenarios, divestitures, and carve-outs: a BU can be moved between parents or become its own parent with full data portability.
Not today. IR-OS is a multi-tenant SaaS running on Cloudflare Workers + Supabase. For enterprise customers who need in-region data residency or single-tenant isolation, we offer a dedicated single-tenant deployment option on AWS GovCloud or Azure Gov with a longer-term commit. Contact [email protected] to discuss.
IR-OS runs on SOC 2 Type II certified infrastructure (Supabase + Cloudflare). IR-OS's own SOC 2 Type II audit is in progress with completion targeted for Q3 2026. ISO 27001 is on the 2027 roadmap. Enterprise customers can receive a letter of engagement from our auditors under NDA and our pre-answered CAIQ / SIG security questionnaire on request.
We publish a standard MSA, a GDPR-compliant DPA, and a HIPAA BAA. All three are available on request before you start the trial, so your legal team can review in parallel with your technical evaluation. Our enterprise procurement cycle is typically 30–45 days from first call to signed contract.
Unify incident command across every business unit, every jurisdiction, every clock. Let AI run the room while your practitioners run the response.