TRUST & COMPLIANCE
Security That Stands Up to Scrutiny.
We operate to insurance-industry standards. Certifications, policies, and controls in one place — so your security and procurement teams don't have to ask twice.
01 — CERTIFICATIONS
Information Security Management System certified to the latest 2022 revision. Annual surveillance audits by an accredited registrar.
Scope: AI product development, software engineering services, cloud operations.
Type II report covering Security, Availability, and Confidentiality. Target completion shared on request.
Auditor: TBD. Observation period: TBD.
02 — CONTROLS
TLS 1.2+ everywhere. AES-256 for stored data. Customer-managed keys available on request.
SSO + MFA for all internal systems. Least-privilege by default. Quarterly access reviews.
Continuous dependency scanning, scheduled penetration tests, and a coordinated disclosure policy.
Documented runbooks, on-call rotation, and customer notification within contractual SLAs.
Region-locked deployments on AWS and Azure. PII never leaves the customer's chosen region.
Code review, SAST/DAST in CI, and signed releases. Production access is logged and tightly scoped.
Certificates, sub-processor list, and policy summaries are available under NDA. Reach out and we'll share them with your security team.
security@purplemesh.in