Suki AI
Suki AI, Inc. · EFROS US AI Vendor Governance Index entry
Composite governance score
B = strong posture. Deployable in regulated workloads with documented compensating controls.
About this vendor
Clinical AI voice assistant for ambient note generation, dictation, and EHR navigation. EHR-integrated (Epic, Athenahealth, Cerner, Meditech, NextGen).
- Enterprise tier: Suki Assistant (per-clinician licensing, EHR-integrated)
- Vendor homepage: https://www.suki.ai
- Trust center: https://www.suki.ai/security
Twelve-axis governance scoring
Each axis is scored Yes / Partial / No / N/A against public evidence — vendor trust portals, BAAs/DPAs, SOC 2 report cover pages, published methodology documents. N/A applies when the axis is structurally inapplicable (foundation models, for example, defer Section 1557 to the downstream healthcare deployer).
| Axis | Status | EFROS note | Source |
|---|---|---|---|
| BAA / DPA available | Yes | Suki signs BAAs for enterprise customers. | Suki Security |
| Training-data opt-out | Yes | Suki does not train models on customer audio or notes. | Suki Security |
| US data residency option | Yes | Suki US-hosted on US cloud infrastructure. | Suki Security |
| SOC 2 Type II report | Yes | Suki holds SOC 2 Type II and HITRUST CSF certification. | Suki Security |
| ISO/IEC 42001 attestation | No | No ISO/IEC 42001 attestation as of May 2026. | Public posture review |
| NIST AI RMF self-attestation | Partial | Suki publishes governance documentation aligning with NIST AI RMF principles; no formal self-attestation. | Suki Responsible AI |
| Colorado AI Act readiness | Partial | Suki engages on the Colorado AI Act deployer-responsibility model in customer documentation. | Suki customer documentation |
| HHS-OCR Section 1557 readiness | Partial | Suki documents bias testing and clinical safety governance; explicit Section 1557 public statement less detailed than Abridge. | Suki governance documentation |
| FRB SR 11-7 readiness | N/A | Healthcare-vertical positioning. | Suki positioning |
| ABA Formal Op 512 readiness | N/A | Healthcare-vertical positioning. | Suki positioning |
| Subprocessor list public | Yes | Subprocessor list available to enterprise customers. | Suki Security |
Trust-center maturity
Mature security documentation with HITRUST + SOC 2. AI-specific governance less granular than Abridge.
Source: Suki Security
Deep dive
Overview
Suki has strong fundamentals (BAA, US residency, SOC 2, HITRUST) and a more pragmatic positioning than Abridge. Its Section 1557 engagement is less prominent than Abridge's but adequate for most ambulatory deployments. HITRUST CSF certification is a meaningful differentiator for health-system buyers that require it.
Strengths
- BAA, US residency, SOC 2 Type II, HITRUST CSF
- Broad EHR integration
- Default no-train, customer-isolated
Weaknesses
- No ISO/IEC 42001
- Section 1557 documentation less prominent than Abridge
- Smaller market scale than DAX Copilot or Abridge
Best-fit use case
Ambulatory practices needing HITRUST-aligned procurement, broad EHR integration, and strong clinician workflow fit.
Avoid when
Hospital systems with active OCR Section 1557 scrutiny. Abridge's public Section 1557 engagement is more defensible during audit.
Operator's take
Deploy Suki AI for ambulatory practices needing HITRUST-aligned procurement, broad EHR integration, and strong clinician workflow fit. The composite score of 72 (grade B) reflects a defensible posture for regulated US workloads. Skip the vendor for hospital systems with active OCR Section 1557 scrutiny, where Abridge's public Section 1557 engagement is more defensible during audit. In every deployment, treat the cells above as a snapshot: the acquisition that gets to production safely is the one that re-verifies the trust-center posture before contract signature and rebuilds the matrix at renewal.
How this scoring is computed
The composite score blends eleven scoreable axes (BAA, training opt-out, US data residency, SOC 2, ISO/IEC 42001, NIST AI RMF, Colorado AI Act, Section 1557, SR 11-7, ABA Op 512, subprocessor transparency) with the trust-center maturity score. Axes marked N/A are excluded from the denominator so vendors are not penalized for sector-inapplicable axes. The vendor's primary sector amplifies the most relevant axes — healthcare vendors weight Section 1557 ×2, legal vendors weight ABA Op 512 ×2, banking vendors weight SR 11-7 ×2 — so the composite reflects what matters in the actual buying context.
Disagree with this scoring?
EFROS publishes scoring rationale per cell with a public source. If you have evidence that a specific axis should score differently — a new BAA, a new certification, a documented policy change — submit a formal challenge below. We re-score and publish the result with the next quarterly edition (or as a mid-quarter changelog entry if the change is material).
Disagree with a score?
Every cell in the EFROS Index is source-cited. If you have a public source that contradicts a score for Suki AI, submit a formal challenge — we re-verify against the source and respond within 14 days.