Multi-organization setup
Manage multiple organizations with isolated data and users.
Overview
VerifyWise supports multi-organization deployments for enterprises that need to manage AI governance across separate business units, subsidiaries, or client organizations. Each organization operates independently with its own data, users, and configuration while sharing the same VerifyWise infrastructure.
Multi-organization architecture is useful when you need strict data separation between entities. Each organization has isolated data stores, meaning users in one organization cannot see or access data from another organization.
When to use multiple organizations
Consider separate organizations when:
- Regulatory separation: Different business units operate under different regulatory jurisdictions and need isolated compliance programs
- Client services: You provide AI governance services to multiple clients who should not see each other's data
- Acquisition integration: Newly acquired companies need their own governance space before integration
- Data residency: Legal requirements mandate that certain data remains isolated
- Independent operations: Business units operate autonomously with separate governance teams
How multi-organization works
Each organization in VerifyWise operates within an isolated data environment. When you create an organization, VerifyWise provisions a dedicated database schema for that organization, ensuring complete data separation while maintaining efficient resource usage.
- Schema-level isolation: Each organization has its own database schema containing all governance data
- Separate user base: Users belong to one organization and cannot access others
- Independent configuration: Settings, branding, and preferences are organization-specific
- Scoped API keys: API credentials are created within and work only for their organization
From a user perspective, working within an organization looks the same regardless of whether other organizations exist. You log in, see your organization's data, and work within that context.
Creating an organization
New organizations are created during the initial setup process or by system administrators in self-hosted deployments. The process involves:
- Organization name: Choose a name that identifies the business entity
- Initial administrator: Designate the first user who will have admin rights
- Configuration: Set organization-level preferences and branding
Once created, the organization is ready for use. The initial administrator can invite additional team members and begin setting up the governance program.
Organization settings
Each organization can customize its own settings independent of other organizations. Configuration options include:
Branding
Upload your organization logo and set the organization name. These appear throughout the interface and in generated reports. If you use the AI Trust Center, your branding appears on the public-facing page.
User management
Manage who has access to your organization. Invite new users, assign roles, and remove users who should no longer have access. Each organization maintains its own user directory.
Users can only belong to one organization. If someone needs access to multiple organizations, they will need separate accounts with different email addresses.
Integrations
Configure integrations like Slack notifications separately for each organization. This allows different business units to route notifications to their own channels and tools.
Data isolation
The core benefit of multi-organization architecture is data isolation. VerifyWise uses schema-level separation within the database, meaning each organization has its own set of tables containing their governance data. Here is what this means in practice:
- Models: AI models registered in one organization are not visible to other organizations
- Risks: Risk registers are completely separate
- Policies: Each organization maintains its own policy library
- Vendors: Vendor registries do not overlap
- Evidence: Uploaded files are isolated to their organization
- Reports: Generated reports contain only organization-specific data
- Audit logs: Event tracking is scoped to the organization
Authentication
Users authenticate to VerifyWise and are then associated with their organization. The authentication flow ensures users can only access the organization they belong to.
Key authentication behaviors:
- User accounts are associated with a specific organization
- Session tokens include organization context for data access
- API keys are scoped to the organization that created them
- Password policies apply at the platform level
Best practices
Naming conventions
Use clear, consistent naming for organizations. Include identifiers that make it obvious which business entity the organization represents. This is especially important when administrators manage multiple organizations.
Administrator access
Limit the number of administrators in each organization. While you need at least one admin to manage settings and users, having too many increases the risk of configuration errors or unintended changes.
Documentation
Maintain documentation about your organization structure outside of VerifyWise. Record which business entities map to which organizations, who the administrators are, and any special configuration requirements.
Regular review
Periodically review your organization structure. As your business evolves, you may need to create new organizations, merge existing ones, or adjust user assignments. Build this review into your governance processes.
Limitations
Be aware of these constraints when working with multiple organizations:
- No cross-organization reporting: You cannot generate reports that span multiple organizations
- No shared users: Users cannot belong to multiple organizations with a single account
- No data sharing: There is no built-in mechanism to share data between organizations
- Separate administration: Each organization must be administered independently
If you need capabilities that span organizations, consider whether a single organization with multiple projects might better serve your needs.