We treat compliance as table stakes. Each control framework below maps to a continuously enforced control set, with annual third-party attestation. Reports and bridge letters are issued to evaluating and contracted customers under NDA.
All five Trust Service Criteria. Issued annually by a Big-Four affiliated firm. Bridge letters available between report periods.
Information Security Management System certification, recertified on a three-year cycle with annual surveillance audits.
Business Continuity Management System certification — directly applicable to our DR-as-a-Service operating model.
Business Associate Agreement available. Technical, physical, and administrative safeguards mapped to 45 CFR Part 164.
EU and EEA data processing under standard contractual clauses; subprocessor list published; DPIA support included.
Non-rewriteable, non-erasable WORM media for broker-dealer record retention. Independent third-party DSO designation available.
Level 1 service provider scope, with quarterly ASV scans and annual on-site assessment. Encryption key management isolated by tenant.
All customer data is encrypted in transit (TLS 1.3, mutually authenticated) and at rest (AES-256-GCM with per-tenant key hierarchies derived from a customer-rooted KMS).
Customers may operate the root key inside their own HSM (BYOK) or delegate to our shared HSM service under split-knowledge custody. In both cases, our operators do not have access to plaintext data.
Retention floors are enforced at the storage layer using object-lock with compliance-mode WORM. Neither customer administrators nor our operators can shorten retention before its scheduled expiry. Retention ceilings are enforced by an independent reaper job audited as part of the SOC 2 control set.
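As an added illustration of the retention floor and ceiling rules described above (example code written for this page, not the provider's own implementation), the following models compliance-mode object-lock semantics in memory: no actor may shorten retention or delete before the floor expires, and the ceiling reaper reports an object whose floor outlives the ceiling as a control exception instead of deleting it. Timestamps and the 180-day ceiling are constructed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed reference time for the examples below; not a value from the page.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)

def days(n):
    return timedelta(days=n)

@dataclass
class LockedObject:
    key: str
    created: datetime
    retain_until: datetime      # retention floor (object-lock retain-until date)
    mode: str = "COMPLIANCE"    # compliance-mode WORM: the floor cannot be moved earlier

class RetentionError(Exception):
    pass

def change_retention(obj, new_until, actor):
    """Storage-layer rule: in COMPLIANCE mode no actor, customer admin or
    operator alike, may move retain_until earlier. Extending is allowed."""
    if obj.mode == "COMPLIANCE" and new_until < obj.retain_until:
        raise RetentionError(f"{actor} may not shorten retention on {obj.key}")
    obj.retain_until = new_until
    return obj.retain_until

def delete_object(obj, now, actor):
    """Deletion is refused until the floor has passed, whoever asks."""
    if now < obj.retain_until:
        raise RetentionError(f"{actor} may not delete {obj.key} before {obj.retain_until:%Y-%m-%d}")
    return True

def reap(objects, ceiling, now):
    """Retention-ceiling job. Returns (keys to delete, control exceptions).
    An object older than the ceiling whose floor is still in force cannot be
    deleted; it is surfaced as an exception for the compliance summary."""
    to_delete, exceptions = [], []
    for o in objects:
        if now - o.created < ceiling:
            continue                      # not yet past the ceiling
        if now < o.retain_until:
            exceptions.append(o.key)      # floor and ceiling conflict: report, do not delete
        else:
            to_delete.append(o.key)
    return to_delete, exceptions
```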
All operator access to customer environments is recorded as immutable session video, brokered through a privileged-access workstation, and tied to a ticketed change request. Sessions are reviewed weekly by an independent compliance team that does not report into operations.
We use exactly three subprocessors: a tape vault operator (audited Tier III), a hardware logistics partner (audited NIST 800-88 sanitisation), and a payment processor that has no access to customer environments. The full subprocessor register and its change history are available on request.
Customers receive a quarterly compliance summary: control exceptions raised, controls remediated, and any subprocessor changes. The summary is signed by the Head of Compliance.
We have prepared crosswalks for NIST 800-53, CSA CCM, BSI C5, and TPN. Ask for the relevant document.