Governance & Security AI

Mergic Citadel

HIPAA-compliant deployment with full audit and governance. SOC 2 Type II, HIPAA BAA, 99.9% uptime, complete model lifecycle control.

Product capabilities

Enterprise-grade governance for production AI in healthcare.

Citadel wraps all Mergic products with private deployment, policy controls, audit trails, and model versioning — so you can run AI on PHI with full compliance and IP protection.

Private NIM endpoints inside your boundary

Deploy NVIDIA NIM inference microservices in your VPC, on-prem, or air-gapped environment — all Mergic products run on private endpoints with full model control. PHI never leaves your infrastructure, and you retain ownership of all fine-tuned weights and inference logs.

VPC / On-prem / Air-gapped · Full model control · PHI-safe

Policy controls and PHI-safe logs

Enforce role-based access, data residency policies, and PHI masking at the inference layer — all logged and auditable.

Audit trails for all predictions

Every model prediction, retrieval, and clinical decision is logged with full provenance for compliance reporting.

Model governance and versioning

Track model versions, weights, training data lineage, and performance metrics across all Mergic products.

Fine-tuning infrastructure

Fine-tune foundation models on your proprietary data with NVIDIA DGX — models stay in your boundary.

Air-gapped deployment options

Deploy Mergic products in fully air-gapped environments with no external connectivity for maximum security.

NVIDIA healthcare stack

Built natively on NIM and DGX.

Inference

NVIDIA NIM

Self-hosted inference microservices for all Mergic products — deploy in VPC, on-prem, or air-gapped with full model control.

Training

NVIDIA DGX

Fine-tune foundation models on proprietary health data with DGX infrastructure — models and data stay in your boundary.

Performance metrics

Citadel by the numbers.

SOC 2 Type II

Full compliance with SOC 2 Type II controls for security, availability, and confidentiality

HIPAA BAA

Business Associate Agreement with complete PHI safeguards and breach notification protocols

99.9%

Uptime SLA for production AI deployments with 24/7 monitoring and incident response

100%

Audit coverage — every prediction, retrieval, and clinical decision logged with full provenance

Zero

PHI leaves your infrastructure — all inference, training, and storage in your security boundary

How it works

From deployment to audit — Citadel at every layer.

Citadel wraps all Mergic products with private inference, policy enforcement, audit logging, and model governance for production AI in healthcare.

Step 1

Deploy Citadel layer

Install Citadel control plane in your VPC or on-prem; provision private NIM endpoints for all Mergic products

Step 2

Configure policies

Set role-based access, data residency rules, PHI masking policies, and fine-tuning permissions

Step 3

Route products through governance

All Vision, Helix, Lumen, Forge, Atlas inference routed through Citadel policy and audit layer

Step 4

Audit + version control

Log every prediction, retrieval, and clinical decision with full provenance; track model versions and weights

Step 5

Monitor + alert

Real-time monitoring for model drift, policy violations, and performance degradation with alerting

Step 6

Compliance reporting

Generate audit reports for SOC 2, HIPAA, and internal compliance reviews with full prediction lineage

Integration

Citadel connects to your existing security and compliance stack.

Identity

Enterprise SSO and identity providers

Integrate with Okta, Azure AD, Google Workspace, or custom SAML/OIDC for role-based access

Monitoring

SIEM and log aggregation

Export audit logs to Splunk, Datadog, ELK, or custom SIEM for centralized security monitoring

Infrastructure

Cloud and on-prem deployment

Deploy on AWS, Azure, GCP, or on-prem with Kubernetes, Terraform, or custom infrastructure-as-code

FAQ

Questions before your demo.

Answers for CISOs, compliance officers, and IT leaders evaluating Citadel for production AI.

Yes. Citadel deploys as a control plane in your VPC, on-prem data center, or air-gapped environment. All NIM inference endpoints run in your infrastructure, and PHI never leaves your security boundary.

Citadel enforces PHI masking at the policy layer, logs every prediction with full provenance, and supports Business Associate Agreements (BAA). All inference, training, and storage stays in your HIPAA-compliant infrastructure.

Yes. Citadel provisions NVIDIA DGX infrastructure in your boundary for fine-tuning foundation models on your proprietary health data. Models, weights, and training data never leave your security perimeter.

Every model prediction, data retrieval, and clinical decision is logged with full provenance — input data, model version, output, timestamp, user. Audit logs export to SIEM or custom compliance systems for SOC 2 and HIPAA reporting.

Get started

See Citadel in action with your compliance requirements.

Bring your security policies, data residency rules, and audit needs. We'll map the deployment architecture, governance controls, and compliance coverage.