Procurement artefacts, on request.

Full report from our independent auditor covering the Security, Availability, and Confidentiality trust service criteria. Delivered under mutual NDA within 1 business day of request.

GDPR-aligned DPA template including the EU Standard Contractual Clauses, processing purposes, technical & organizational measures, and the current subprocessor list.

HIPAA-aligned BAA template for healthcare-education institutions on the Enterprise plan. Includes safeguard obligations, breach notification windows, and permitted uses.

Current list of our third-party subprocessors, their location, and the category of data they process. Updated whenever we add or remove a vendor; subscribe to get notified.

Architectural overview of how Cognaxa enforces tenant isolation at the PostgreSQL query planner, how the AI proctoring engine is isolated, and how we handle secrets, keys, and audit logs.

One-page summary of our incident response plan — detection, triage, communication, post-mortem. The full runbook is shared during procurement due-diligence.

Summary letter from our annual third-party penetration test. Includes scope, methodology, and a remediation status statement.

Current Statement of Applicability against the ISO 27001 controls set. Formal certification is in progress — targeted Q4 2026.