QEHSTrust Center
Compliance document library
Request access to our audit reports, certifications, and completed security questionnaires. Fill in the form — we'll send a signed download link that expires in 7 days.
Artefacts are covered by a click-through NDA. Enterprise customers and qualified prospects only; redistribution is prohibited.
Available documents
SOC 2 Type 2 Report
Independent attestation report covering Security, Availability, and Confidentiality trust service criteria over a 12-month period.
NDA requiredReportRefreshed 2026-03-15ISO 27001:2022 Certificate
UKAS-accredited certificate and Statement of Applicability covering the QEHS production environment.
NDA requiredReportRefreshed 2026-02-10Penetration Test Executive Summary
Annual third-party penetration test executive summary. Scope: web app, public APIs, mobile apps, cloud infrastructure.
NDA requiredReportRefreshed 2026-01-22SIG Lite
Shared Assessments SIG Lite questionnaire — latest responses aligned to the 2026 release.
NDA requiredQuestionnaireRefreshed 2026-03-01CAIQ (CSA Cloud Controls)
Cloud Security Alliance Consensus Assessments Initiative Questionnaire v4 — mapped to our CCM controls.
NDA requiredQuestionnaireRefreshed 2026-02-28HECVAT
Higher Education Community Vendor Assessment Toolkit — Full version, for US university procurement.
NDA requiredQuestionnaireRefreshed 2026-02-15Security whitepaper
Detailed narrative covering architecture, data flows, encryption, key management, tenant isolation, SDLC, and incident response.
NDA requiredWhitepaperRefreshed 2026-04-01Data-flow diagram
High-level data-flow diagram showing tenant data at rest, in transit, and across sub-processors.
NDA requiredDiagramRefreshed 2026-04-01
Need something not listed — for example a custom mapping to your control framework or a completed VSA? Email anil@heftyinnovations.com or start with the Trust Center.