One procurement entry-point for every trust artefact.
SOC 2 Type II, ISO 27001, GDPR DPA, subprocessor list, vulnerability disclosure policy, pen-test summary and BC/DR posture — consolidated on one page so security and procurement teams don't chase artefacts across the site.
Pick the artefact procurement asks for first.
- TC.01On request
SOC 2 Type II report
Independent attestation of security, availability and confidentiality controls over a 12-month observation window. Issued by a Big-4 auditor; current report covers FY2026.
Available under NDA · refreshed annually - TC.02Live download
ISO 27001 certificate
Information Security Management System (ISMS) certification across the FlyttGo platform infrastructure scope. Surveillance audits in years 2 and 3, recertification in year 3.
Certificate PDF · public download - TC.03Live download
Data Processing Agreement (DPA)
Standard GDPR Article 28 controller-to-processor terms, EU SCCs (2021/914) annexed for restricted transfers, UK IDTA addendum for UK-bound data flows. Pre-signed by counsel.
Word + PDF · countersign and return - TC.04Live download
Subprocessor list
Live registry of every subprocessor that touches customer data — name, function, region of processing, certification status. 30-day notification on any change.
Live registry · subscribe to changes - TC.05Live download
Vulnerability disclosure policy
Coordinated disclosure terms for security researchers. PGP-signed channel, 90-day disclosure window aligned with industry norm, safe-harbour for good-faith research.
Public policy · security@flyttgotech.com - TC.06On request
Penetration-test summary
Executive summary of the most recent third-party penetration test. Full technical report (with remediation status) available under MNDA after a scoping session.
Summary · public · full report under NDA - TC.07Live download
Business continuity & DR
Recovery objectives per deployment substrate — RPO ≤ 15 min, RTO ≤ 4 hours for SaaS; tighter envelopes available for sovereign tenants. Tabletop exercise log refreshed quarterly.
BC/DR statement · annual tabletop summary - TC.08On request
Information security policy pack
Master IS policy + 14 supporting policies (access control, cryptography, secure development, incident response, third-party risk, etc.) — board-approved, version-tracked.
Policy pack · sharable under NDA
Live downloads ship from the page. Items marked ‘on request’ are released after a brief MNDA — the consultation desk routes the request within one business day.
Procurement-grade routing, one business day SLA.
- TC.H1
Open a trust request
Email security@flyttgotech.com or open the consultation booking — pick the artefact list and your jurisdiction.
- TC.H2
MNDA + scoping
Mutual NDA pre-signed and ready. Trust desk replies within one business day with an artefact bundle and any clarifying questions.
- TC.H3
Bundle delivery
Bundle delivered via secure share. Audit log of every artefact requested and shared, retained for the customer record.
Trust artefacts plug into a larger procurement narrative.
Once the trust review clears, the procurement conversation turns to deployment substrate, government framework alignment and engagement intake. The four pathways below route into the next surface.
- CR.00
Security posture detail
SOC 2 controls, ISO 27001 scope, the supporting cryptography and identity stack.
CR.00 · TS.00 - SV.00
Sovereign deployment
National hosting + data-residency posture across MENA, Africa and EU.
SV.00 - PC.00
Procurement frameworks
DPS · G-Cloud · OJEU · national framework alignment per jurisdiction.
PC.00 - CB.00
Open the trust desk
Five-step consultation intake — trust artefacts routed under CT.03 government pilot or CT.01 platform architecture.
CT.01 · CT.03