QEHS

Enterprise

Enterprise QEHS, without the enterprise rollout pain.

Built for CISOs, Heads of EHS, and Operations leaders rolling QEHS across thousands of seats, dozens of sites, and multiple jurisdictions. SSO, SCIM, residency, audit, and a CSM on every deal. Composer-driven configuration replaces six-month custom-build programs.

What you get on Enterprise

Six pillars your procurement, security, and implementation teams will want to review.

Identity & access

Meet your IdP, your controls, your zero-trust posture.

  • SSO (SAML + OIDC) with Okta, Entra ID, Google, Auth0, Ping, JumpCloud — production-tested recipes
  • SCIM 2.0 provisioning + deprovisioning; group-mapped roles
  • Module-scoped RBAC — permissions narrow to specific modules, locations, or record sets
  • CIDR-level IP allowlist + tenant-admin password policy (min length, character classes, reuse window)
  • Step-up MFA (TOTP, WebAuthn) for high-risk transitions (approvals, deletions, settings changes)

Data residency

Pick your region, prove it to your regulator.

  • US (us-east-1) GA today; EU, UK, AU, CA, and UAE regions planned and provisioned on customer demand as part of an enterprise engagement
  • Per-tenant pinning — once set, customer content, backups, and search indices stay in-region
  • Regulatory-fit matrix covers GDPR, UK GDPR, CPRA, PIPEDA, Australian Privacy Act, UAE DPL
  • Field-level encryption with BYOK (AWS KMS / HashiCorp Vault) on request
  • Transparent sub-processor register with 30-day change notification

Audit & governance

Every event, every actor, every export.

  • Tenant-level immutable audit log — every create, update, delete, access, and permission change
  • SIEM feed (Splunk, Datadog, Chronicle, Sentinel) via CEF or JSON
  • Compliance artefacts: SOC 2 Type II in progress; ISO 27001 + pen test to follow. SIG Lite / CAIQ / HECVAT custom responses available on enterprise engagement.
  • Retention policies — per-module, per-record-type, with legal-hold overrides
  • GDPR / CCPA deletion workflow with tenant-admin auto-approval policy and 7–180 day soft-delete grace window
  • Tamper-evident e-sign: W3C VC signatures on approvals, SHA-256 record hashes

Reliability & support

A platform your operations team can stake a permit on.

  • Enterprise uptime SLA negotiated per agreement; service credits documented in the MSA
  • Critical-response SLA via founder + on-call rotation (24×7 SLA paths open up as the support team is staffed)
  • Founder is your point of contact today; dedicated CSM rotates in as the team scales
  • Roadmap access + design partner program for early-stage customers
  • Public status page + incident RSS are on the roadmap; incidents notified directly to enterprise customers in the meantime

Configurability

The Composer replaces custom code.

  • 28 field block types, 16 capability blocks — compose new modules without a release
  • Visual workflow engine — guards, effects, approvals, SLAs, escalations
  • Conditional visibility, computed fields, repeater templates, lookup links
  • Per-tenant brand: logo, palette, transactional email sender, and custom domain CNAME (deeper white-label theming on roadmap)
  • Sandbox tenants for design + training — isolated from production

Implementation services

Go live faster, with less risk.

  • Phased rollout — discovery, Composer design, pilot, multi-site, go-live
  • Data migration from any incumbent EHS tool — CSV + API recipes for common export formats
  • Change-management collateral: train-the-trainer decks, end-user quickstarts, role playbooks
  • Integration workstream — SAP, Salesforce, ServiceNow, IdP, SIEM, data warehouse
  • Typical timeline: 6–12 weeks for 1 000 seats across 5 sites

Compliance posture

Pre-completed assessments + signed agreements move procurement forward faster. Request the full packet from the Trust Center.

SOC 2 Type II — audit planned

SOC 2 Type II audit planned; security policies published at /docs/security/policies/.

ISO 27001 (audit planned)

ISO 27001 ISMS documentation in progress; certification to follow SOC 2 Type I.

GDPR + UK GDPR

DPA with SCCs, UK addendum, data-subject request workflow.

Healthcare

Encryption at rest + in transit, field-level encryption on Enterprise, immutable audit log. HIPAA is not currently in scope — contact us if your use case requires it.

HECVAT + CAIQ + SIG Lite

Custom-completed vendor assessments on enterprise engagement.

Pen test

Third-party penetration test scheduled — executive summary available under NDA once delivered.

Next step

Scoped pilot, production in 6–12 weeks.

Tell us your seat count, sites, and timeline. Our solutions team replies in 1 business day with a pilot plan and pricing.