QEHS EthosEHS Ethos

Enterprise

Enterprise QEHS, without the enterprise rollout pain.

Built for CISOs, Heads of EHS, and Operations leaders rolling QEHS across thousands of seats, dozens of sites, and multiple jurisdictions. SSO, SCIM, residency, audit, and a CSM on every deal. Composer-driven configuration replaces six-month custom-build programs.

What you get on Enterprise

Six pillars your procurement, security, and implementation teams will want to review.

Identity & access

Meet your IdP, your controls, your zero-trust posture.

  • SSO (SAML + OIDC) with Okta, Entra ID, Google, Auth0, Ping, JumpCloud — production-tested recipes
  • SCIM 2.0 provisioning + deprovisioning; group-mapped roles
  • Module-scoped RBAC — permissions narrow to specific modules, locations, or record sets
  • CIDR-level IP allowlist + tenant-admin password policy (min length, character classes, reuse window)
  • Step-up MFA (TOTP, WebAuthn) for high-risk transitions (approvals, deletions, settings changes)

Data residency

Pick your region, prove it to your regulator.

  • US (us-east-1) GA today; EU, UK, AU, CA, and UAE regions planned, provisioned on enterprise engagement (on customer demand)
  • Per-tenant pinning — once set, customer content, backups, and search indices stay in-region
  • Regulatory-fit matrix covers GDPR, UK GDPR, CPRA, PIPEDA, Australian Privacy Act, UAE DPL
  • Field-level encryption with BYOK (AWS KMS / HashiCorp Vault) on request
  • Transparent sub-processor register with 30-day change notification

Audit & governance

Every event, every actor, every export.

  • Tenant-level immutable audit log — every create, update, delete, access, and permission change
  • SIEM feed (Splunk, Datadog, Chronicle, Sentinel) via CEF or JSON
  • Compliance artefacts: SOC 2 Type II in progress; ISO 27001 + pen test to follow. SIG Lite / CAIQ / HECVAT custom responses available on enterprise engagement.
  • Retention policies — per-module, per-record-type, with legal-hold overrides
  • GDPR / CCPA deletion workflow with tenant-admin auto-approval policy and 7–180 day soft-delete grace window
  • Tamper-evident e-sign: W3C VC signatures on approvals, SHA-256 record hashes

Reliability & support

A platform your operations team can stake a permit on.

  • Enterprise uptime SLA negotiated per agreement; service credits documented in the MSA
  • Critical-response SLA via founder + on-call rotation (24×7 SLA paths open up as the support team is staffed)
  • Founder is your point of contact today; dedicated CSM rotates in as the team scales
  • Roadmap access + design partner program for early-stage customers
  • Public status page + incident RSS are on the roadmap; incidents notified directly to enterprise customers in the meantime

Configurability

The Composer replaces custom code.

  • 28 field block types, 16 capability blocks — compose new modules without a release
  • Visual workflow engine — guards, effects, approvals, SLAs, escalations
  • Conditional visibility, computed fields, repeater templates, lookup links
  • Per-tenant brand: logo, palette, transactional email sender, and custom domain CNAME (deeper white-label theming on roadmap)
  • Sandbox tenants for design + training — isolated from production

Implementation services

Go live faster, with less risk.

  • Phased rollout — discovery, Composer design, pilot, multi-site, go-live
  • Data migration from any incumbent EHS tool — CSV + API recipes for common export formats
  • Change-management collateral: train-the-trainer decks, end-user quickstarts, role playbooks
  • Integration workstream — SAP, Salesforce, ServiceNow, IdP, SIEM, data warehouse
  • Typical timeline: 6–12 weeks for 1 000 seats across 5 sites

Compliance posture

Pre-completed assessments + signed agreements move procurement forward faster. Request the full packet from the Trust Center.

SOC 2 Type II — audit planned

SOC 2 Type II audit planned; security policies published at /docs/security/policies/.

ISO 27001 (audit planned)

ISO 27001 ISMS documentation in progress; certification to follow SOC 2 Type I.

GDPR + UK GDPR

DPA with SCCs, UK addendum, data-subject request workflow.

Healthcare

Encryption at rest + in transit, field-level encryption on Enterprise, immutable audit log. HIPAA is not currently in scope — contact us if your use case requires it.

HECVAT + CAIQ + SIG Lite

Custom-completed vendor assessments on enterprise engagement.

Pen test

Third-party penetration test scheduled — executive summary available under NDA once delivered.

Enterprise FAQ

Does QEHS Ethos support SSO and SCIM user provisioning?

Yes. Single sign-on works over SAML and OIDC with Okta, Microsoft Entra ID, Google, Auth0, Ping, and JumpCloud — these are production-tested recipes, not placeholders. SCIM 2.0 handles automated provisioning and deprovisioning, with group-mapped roles and module-scoped RBAC so permissions can narrow to a specific module, location, or record set. Step-up MFA (TOTP or WebAuthn) guards high-risk transitions like approvals and settings changes.

Where is customer data hosted, and can I pin it to a region?

The US (us-east-1) region is generally available today. EU, UK, Australia, Canada, and UAE regions are planned and provisioned on enterprise engagement — i.e. on customer demand, not yet self-serve. Once a region is set, per-tenant pinning keeps your content, backups, and search indices in-region. The regulatory-fit matrix covers GDPR, UK GDPR, CPRA, PIPEDA, the Australian Privacy Act, and UAE DPL; field-level encryption with BYOK (AWS KMS or HashiCorp Vault) is available on request.

Can QEHS migrate data from our current EHS tool?

Yes. Implementation runs in phases — discovery, Composer design, pilot, multi-site, then go-live. Data migration from an incumbent EHS tool uses CSV and API recipes for common export formats, alongside an integration workstream for SAP, Salesforce, ServiceNow, your IdP, SIEM, and data warehouse. A typical timeline is 6–12 weeks for roughly 1,000 seats across five sites. Change-management collateral (train-the-trainer decks, end-user quickstarts, role playbooks) is included.

What SLA and support does the Enterprise plan include?

An enterprise uptime SLA is negotiated per agreement, with service credits documented in the MSA. Critical-response SLA runs through the founder and an on-call rotation today, with 24×7 SLA paths opening up as the support team is staffed. The founder is your point of contact at launch; a dedicated CSM rotates in as the team scales. A public status page and incident RSS are on the roadmap — until then, incidents are notified directly to enterprise customers.

Does QEHS provide an audit log and a SIEM feed?

Yes. A tenant-level immutable audit log captures every create, update, delete, access, and permission change. The SIEM feed ships via CEF or JSON to Splunk, Datadog, Chronicle, or Sentinel. Retention policies are configurable per module and record type with legal-hold overrides, and tamper-evident e-sign uses W3C Verifiable Credential signatures on approvals with SHA-256 record hashes.

What compliance certifications and assessments are in place?

SOC 2 Type II audit is in progress, with security policies published at /docs/security/policies/. ISO 27001 ISMS documentation is in progress and certification follows SOC 2. HECVAT, CAIQ, and SIG Lite vendor assessments are custom-completed on enterprise engagement, and a third-party penetration test is scheduled — an executive summary is available under NDA once delivered. HIPAA is not currently in scope; contact us if your use case requires it.

Next step

Scoped pilot, production in 6–12 weeks.

Tell us your seat count, sites, and timeline. Our solutions team replies in 1 business day with a pilot plan and pricing.

Enterprise QEHS Software | QEHS Ethos