What is the SignalEDI company trust hub?

A public index of policies, security practices, vendor management, training, change management, incident response, and operational controls.

Where should security reviewers start?

Use the Trust Center, BAA, DPA, SLA, and privacy policy paths linked from this hub before production sign-off.

Is this hub the same as the about page?

No. About covers company mission and product positioning; this hub focuses on trust and compliance operations artifacts.

Trust centerSOC 2 readinessEvidence operations

Company trust operations

SignalEDI's company trust center organizes the operating systems auditors usually request: policies, security, vendor management, training, change control, incident response, access reviews, backups, penetration tests, and logs.

These pages describe SignalEDI's readiness posture and evidence workflow. They are not a SOC 2 attestation or certification claim.

Company hub Trust center

Company controls

Auditor request areas

10 operating areas

Policies

Policy library

Approved policy surfaces for information security, access control, acceptable use, change management, incident response, backup/restore, vendor management, and HR security.

Security

Security posture

Security posture map for identity, MFA, RBAC, tenant scoping, encryption expectations, logging, monitoring, and secure SDLC evidence.

Vendor management

Vendor register

Vendor lifecycle evidence for platform providers, subprocessors, SOC 2 reports, DPAs, BAAs where applicable, renewal review, and vendor incident handling.

Employee training

People compliance

People-compliance evidence for security awareness, policy acknowledgment, privileged-role onboarding, background-check tracking, and annual refresh requirements.

Change management

Change traceability

Traceability for production changes from request to PR, review, CI, deployment, verification, rollback planning, and emergency-change retrospective.

Incident response

IR and CAPA

Incident lifecycle evidence for severity classification, communications, post-incident review, corrective and preventive actions, and customer/regulatory notification decisions.

Access reviews

Access review

Quarterly access review evidence for users, privileged roles, MFA compliance, stale accounts, API keys, service accounts, and vendor-console admins.

Backups

Continuity evidence

Backup and disaster-recovery evidence for approved RTO/RPO, daily backup health, provider retention proof, restore drills, and tabletop validation.

Penetration tests

Testing evidence

Penetration-test planning and evidence handling for scoped external testing, remediation tracking, retest evidence, and customer-safe summaries.

Logs

Audit trail

Logging and monitoring evidence for failed logins, MFA changes, permission changes, production access, admin actions, security alerts, and audit retention.