Enterprise

Enterprise QEHS — without the enterprise rollout pain.

Built for CISOs, Heads of EHS, and Operations leaders rolling QEHS across thousands of seats, dozens of sites, and multiple jurisdictions. SSO, SCIM, residency, audit, and a CSM on every deal. Composer-driven configuration replaces six-month custom-build programs.

Contact sales Visit Trust Center

What you get on Enterprise

Six pillars your procurement, security, and implementation teams will want to review.

Identity & access

Meet your IdP, your controls, your zero-trust posture.

SSO (SAML + OIDC) with Okta, Entra ID, Google, Auth0, Ping, JumpCloud — production-tested recipes
SCIM 2.0 provisioning + deprovisioning; group-mapped roles
Module-scoped RBAC — permissions narrow to specific modules, locations, or record sets
Fine-grained session controls: IP allow-lists, device posture, forced reauth for sensitive actions
Step-up MFA (TOTP, WebAuthn) for high-risk transitions (approvals, deletions, settings changes)

Data residency

Pick your region, prove it to your regulator.

6 primary regions: US · EU (Frankfurt) · UK · AU (Sydney) · CA · UAE
Per-tenant choice of primary + DR region — data never leaves without your approval
Regulatory-fit matrix covers GDPR, UK GDPR, CPRA, PIPEDA, Australian Privacy Act, UAE DPL
Field-level encryption with BYOK (AWS KMS / HashiCorp Vault) on request
Transparent sub-processor register with 30-day change notification

Audit & governance

Every event, every actor, every export.

Tenant-level immutable audit log — every create, update, delete, access, and permission change
SIEM feed (Splunk, Datadog, Chronicle, Sentinel) via CEF or JSON
Exportable compliance artefacts: SOC 2 Type 2, ISO 27001, pen test, SIG Lite, CAIQ, HECVAT
Retention policies — per-module, per-record-type, with legal-hold overrides
Tamper-evident e-sign: W3C VC signatures on approvals, SHA-256 record hashes

Reliability & support

A platform your operations team can stake a permit on.

99.9% uptime SLA with tiered service credits — per-tenant status dashboard
24×7 Enterprise support with 1h critical-response SLA
Dedicated Customer Success Manager + solution architect
Quarterly business reviews, roadmap access, design partner program
Public status page + incident RSS + scheduled maintenance windows

Configurability

The Composer replaces custom code.

28 field block types, 16 capability blocks — compose new modules without a release
Visual workflow engine — guards, effects, approvals, SLAs, escalations
Conditional visibility, computed fields, repeater templates, lookup links
Per-tenant white-label: logo, palette, email, domain CNAME, mobile theming
Sandbox tenants for design + training — isolated from production

Implementation services

Go live faster, with less risk.

Phased rollout — discovery, Composer design, pilot, multi-site, go-live
Data migration from any incumbent EHS tool — CSV + API recipes for common export formats
Change-management collateral: train-the-trainer decks, end-user quickstarts, role playbooks
Integration workstream — SAP, Salesforce, ServiceNow, IdP, SIEM, data warehouse
Typical timeline: 6–12 weeks for 1 000 seats across 5 sites

Compliance posture

Pre-completed assessments + signed agreements move procurement forward faster. Request the full packet from the Trust Center.

SOC 2 Type 2

Annual audit by a Big 4 firm — letter available under NDA.

ISO 27001

ISMS certified; statement of applicability + Annex A controls map on request.

GDPR + UK GDPR

DPA with SCCs, UK addendum, data-subject request workflow.

HIPAA-ready

BAA available for healthcare tenants; PHI field encryption + audit trail.

HECVAT + CAIQ + SIG Lite

Pre-completed vendor assessments accelerate procurement.

Pen test

Annual third-party penetration test — executive summary on request.

Request the compliance library →

Next step

Scoped pilot, production in 6–12 weeks.

Tell us your seat count, sites, and timeline. Our solutions team replies in 1 business day with a pilot plan and pricing.

Contact sales See pricing