QEHSQEHS
Sign inBook a demo

Trust Center

Procurement packet

One zipped bundle covering everything procurement, security, privacy, and legal ask for — delivered the same business day after NDA. Designed so a typical 45-day vendor review compresses into 7–10.

Request the packet (NDA)Browse questionnaire answers

What's inside

Security attestations

  • SOC 2 Type 2 report12-month observation window, Big Four-tier auditor
  • ISO 27001:2022 certificate + SoAUKAS-accredited body
  • Penetration test executive summaryAnnual third-party test, CREST-accredited firm
  • Tenant isolation whitepaperHow row-level and query-time isolation is enforced

Questionnaires (pre-filled)

  • SIG LiteStandardized Information Gathering short form
  • CAIQ v4Cloud Security Alliance consensus assessment
  • HECVAT FullHigher-education vendor assessment
  • VSA FullShared Assessments Vendor Security Assessment

Privacy + compliance

  • Data Processing Agreement (DPA)GDPR-compliant with SCCs + UK IDTA
  • Sub-processor list + RSS feed30-day advance change notice
  • Data residency statementCovers US, EU, UK, AU, CA, UAE
  • Privacy Impact Assessment (PIA) templateStarter DPIA for your workflow

Legal + commercial

  • Master Services Agreement (template)Standard T&Cs with redline room
  • Order Form + SoW templatePer-tier, ready for your legal review
  • Certificate of InsuranceGeneral + Cyber + E&O, updated annually
  • Business Continuity & DR summaryRTO/RPO by tier with test cadence

Technical + architectural

  • Architecture overview diagramRegions, services, data flows
  • Authentication & authorization specSSO, SCIM, RBAC, guards
  • Audit & logging specWhat is logged, retention, SIEM integration
  • Integration catalogOut-of-the-box + SDKs + webhooks

How it works

  1. Request the packet from the document library — mutual NDA is executed electronically in the form.
  2. We return a zipped bundle + a shared data-room link within one business day.
  3. Your team reviews in parallel (security, privacy, legal). Our solutions engineer joins a single Q&A call to close redlines.
  4. On contract signature, the bundle contents are kept fresh for the life of the relationship via the data-room link.