Trust centerSOC 2 readinessEvidence operations

Policies

Approved policy surfaces for information security, access control, acceptable use, change management, incident response, backup/restore, vendor management, and HR security.

These pages describe SignalEDI's readiness posture and evidence workflow. They are not a SOC 2 attestation or certification claim.

Company hub Trust center

Evidence reviewers ask for

Current policy versions and approval metadata
Policy acknowledgment exports
Policy exception register and compensating controls

Operating controls

Annual policy review
Trigger-based updates after material architecture, vendor, or regulatory change
Owner sign-off before audit fieldwork

Owner

Security & Compliance Lead

Cadence

Annual review plus trigger-based updates

Audience

Auditors, procurement, security reviewers, and customer admins

Company controls

Related company pages

9 operating areas

Security

Security posture

Security posture map for identity, MFA, RBAC, tenant scoping, encryption expectations, logging, monitoring, and secure SDLC evidence.

Vendor management

Vendor register

Vendor lifecycle evidence for platform providers, subprocessors, SOC 2 reports, DPAs, BAAs where applicable, renewal review, and vendor incident handling.

Employee training

People compliance

People-compliance evidence for security awareness, policy acknowledgment, privileged-role onboarding, background-check tracking, and annual refresh requirements.

Change management

Change traceability

Traceability for production changes from request to PR, review, CI, deployment, verification, rollback planning, and emergency-change retrospective.

Incident response

IR and CAPA

Incident lifecycle evidence for severity classification, communications, post-incident review, corrective and preventive actions, and customer/regulatory notification decisions.

Access reviews

Access review

Quarterly access review evidence for users, privileged roles, MFA compliance, stale accounts, API keys, service accounts, and vendor-console admins.

Backups

Continuity evidence

Backup and disaster-recovery evidence for approved RTO/RPO, daily backup health, provider retention proof, restore drills, and tabletop validation.

Penetration tests

Testing evidence

Penetration-test planning and evidence handling for scoped external testing, remediation tracking, retest evidence, and customer-safe summaries.

Logs

Audit trail

Logging and monitoring evidence for failed logins, MFA changes, permission changes, production access, admin actions, security alerts, and audit retention.