Trust Center — Controls | Tscale
Tscale Trust Center

Controls

The security controls we operate across every region, service and customer. Mapped to SOC 2, ISO 27001 and NIST CSF — independently audited and continuously monitored.

5 domains | 34+ controls | 3 frameworks | 100% SOC 2 coverage

Infrastructure security

Controls protecting our compute, network, and storage layer.

7 controls

Access to Source Code

CC8.1 | ISO A.8.4 | Quarterly review
Active

Firewall access restricted

CC6.6 | ISO A.8.22 | Continuous
Active

Firewall Rules in place

CC6.6 | ISO A.8.22 | Continuous
Active

Encryption at rest and in transit

CC6.1 | ISO A.8.24 | Continuous
Active

Network segmentation

CC6.6 | ISO A.8.20 | Continuous
Active

Vulnerability scanning

CC7.1 | ISO A.8.8 | Weekly
Active

Multi-region redundancy

CC7.5 | ISO A.8.14 | Continuous
Active

Need control evidence?

Audit-tested evidence and detailed implementation notes are available under NDA.

Request infrastructure evidence →

Organizational security

People, training, and governance controls.

10 controls

Security Awareness

CC1.4 | ISO A.6.3 | Annual + onboarding
Active

Security Awareness — Documentation

CC1.4 | ISO A.6.3 | Annual
Active

Roles & Responsibilities

CC1.3 | ISO A.5.2 | Documented
Active

Background checks

CC1.4 | ISO A.6.1 | Pre-employment
Active

Vendor risk management

CC9.2 | ISO A.5.19 | Annual
Active

Incident response plan

CC7.4 | ISO A.5.24 | Tabletop quarterly
Active

Risk assessment program

CC3.1 | ISO A.5.7 | Annual
Active

Information Security Policy

CC1.1 | ISO A.5.1 | Reviewed annually
Active

Acceptable use policy

CC1.5 | ISO A.5.10 | Acknowledged on hire
Active

Asset inventory & classification

CC3.4 | ISO A.5.9 | Continuous
Active


Product security

Controls in our secure software development lifecycle.

5 controls

Secure System changes

CC8.1 | ISO A.8.32 | Continuous
Active

Production application access restricted

CC6.1 | ISO A.8.2 | Continuous
Active

Separation of development, test and production

CC8.1 | ISO A.8.31 | Continuous
Active

Code review (peer review mandatory)

CC8.1 | ISO A.8.28 | Every change
Active

SAST / DAST / SCA in CI/CD

CC7.1 | ISO A.8.29 | Every pipeline
Active


Internal security procedures

Internal administrative and operational safeguards.

4 controls

Administrative safeguarding in place

CC6.2 | ISO A.8.2 | Continuous
Active

Access process following termination in place

CC6.2 | ISO A.5.18 | Immediate
Active

Password policy in place

CC6.1 | ISO A.5.17 | Continuous
Active

MFA enforced for all workforce

CC6.1 | ISO A.8.5 | Continuous
Active


Data and privacy

Customer data handling, retention, and privacy controls.

11 controls

Data disposal processes in place

CC6.5 | ISO A.8.10 | Per policy
Active

Data backups performed

CC7.5 | ISO A.8.13 | Daily
Active

Privacy rule is adhered to

CC2.1 | GDPR / NDPR | Continuous
Active

Data residency controls

CC6.7 | GDPR / NDPR | Customer-selected
Active

Customer-managed encryption keys (CMEK / BYOK)

CC6.1 | ISO A.8.24 | Enterprise plans
Active

TLS 1.3 for all data in transit

CC6.7 | ISO A.8.24 | Continuous
Active

No training on customer data

CC2.1 | Contractual | Continuous
Active

Data subject request workflow

CC2.2 | GDPR Art. 15–22 | 30 days
Active

Subprocessor list published

CC9.2 | GDPR Art. 28 | 30-day notice
Active

Immutable audit logs (365-day retention)

CC7.2 | ISO A.8.15 | 365 days
Active

HIPAA BAA available

HIPAA | Roadmap | 2026
In progress


Need control evidence or mappings? Request them.

Audit-tested evidence, framework crosswalks, and detailed implementation notes are released to verified contacts under NDA. We respond within one business day.