Evaluate us the way we'd evaluate a vendor.
Certifications, security practices, data handling and disclosure — collected on one page so your procurement and security review can move fast.
What we hold ourselves to.
Certifications
ISO/IEC 27001:2022 (information security) and ISO 9001 (quality), independently audited. Certificates available to prospects on request.
Security practices
MFA everywhere, least-privilege access with quarterly review, client data segregated per engagement, endpoint hardening on the same MDR stack we sell, annual third-party pentest of our own estate.
Data handling
Engagement data encrypted in transit and at rest, retained only for the contracted period, destroyed with certificate on request. Findings never leave the client workspace on GovernanceOps AI.
Privacy commitments
We act as Data Processor for platform customers with DPAs reflecting DPDP obligations; sub-processor list available under NDA; no client data used for model training.
Found something in our estate? Tell us.
Report suspected vulnerabilities in Dataspace or GovernanceOps systems to disclosure@dataspacesecurity.com. We acknowledge within 2 business days, keep you informed through triage, and credit researchers who wish to be named. Good-faith research within scope will never be met with legal threats.
The frameworks behind the deliverables.
Security contact for active incidents involving Dataspace deliverables: info@dataspacesecurity.com — monitored 24×7 by the SOC floor.
