Governance built in, not bolted on.
ISO 27001 held. SOC 2 Type 2 audit in progress, expected FY28. HIPAA-ready, GDPR-compliant, NIST SP 800-88 aligned, NIST AI RMF aligned, EU AI Act readiness.
Procurement-ready disclosures.
Each certification is described with scope, auditor and date. Attestations are gated on a work-email-only form.
ISO 27001
Held. Information security management system across product, data centre and operations. Annual re-audit.
SOC 2 Type 2
Audit in progress, certification expected FY28. Type 2 scope covers Security, Availability and Confidentiality criteria.
HIPAA-ready
Business Associate Agreement available; safeguards align to the HIPAA Security Rule administrative, physical and technical requirements.
GDPR
Compliant. Data Processing Agreement available. EU SCCs in place for sub-processors. EU-resident data plane available for regulated industries.
NIST SP 800-88
Reverse Logistics module sanitises per NIST SP 800-88 Revision 1, with a 99.98% audit rate and a per-asset certificate of destruction.
NIST AI RMF
AI Copilot aligned to the NIST AI Risk Management Framework. No training on customer data without written opt-in.
EU AI Act
Readiness assessment completed for high-risk use cases. Mitigations in place; full conformity assessment scheduled.
Sub-processors
Editable list maintained at /legal/security-compliance/. Notification on changes per GDPR Article 28(2).
Need our Security Pack?
Email-only form. ISO 27001 attestation, SOC 2 Type 2 audit status, sub-processor list, BAA template.
