Public Trust Resource
Trust and Compliance Positioning
Dootsa maintains a compliance-aligned, evidence-driven security and privacy program. This page describes current framework positioning and approved external language.
SOC 1: Not currently attested. SOC-style governance and control evidence can be shared for risk review.
SOC 2: Not currently attested. We operate a SOC 2-aligned control program with readiness artifacts and evidence collection.
PCI-DSS: Not currently certified/attested. PCI obligations are managed based on cardholder-data scope and contractual requirements.
ISO 27001: ISO 27001-aligned controls and audit engagement planning are in place. Certification status is shared according to completed audit stages.
HIPAA: Not operated as a HIPAA-covered production environment by default. HIPAA mode is enabled when PHI scope and BAAs are formally in place.
EU Model Clauses (SCCs): Supported through SCC legal workflows and transfer safeguard documentation, subject to signed agreements.
Use: "compliance-aligned", "evidence-driven controls", "readiness artifacts".
Avoid: "fully compliant", "certified", or "attested" unless independently verified and current.
- Control matrix and control ownership model
- Incident response, access review, and risk management process artifacts
- Subprocessor governance templates and transfer-control workflows
- Cloud hardening and penetration-test execution packs
- DPA/SCC/BAA legal workflow process documentation
Need an enterprise response pack? Use the audit request templates and the enterprise readiness brief.