1. Verify signed evidence
Use the compliance reviewer pack and public trust report to separate dated proof from unproven claims. The May 4 cutover bundle proves customer-route DNS, TLS, ACK route, API contract checks, and a 4-hour soak.
Security packet
For vendor security, CISO, and AppSec review.
Start with proof, not positioning. This packet points you to the signed reviewer pack, isolation and encryption materials, benchmark artifacts, subprocessors, and the constraints that still need follow-up.
2. Inspect controls
- Tenant isolation and vault encryption.
- Subprocessor inventory and tenant-policy routing.
- Detector benchmark snapshots and current public constraints.
3. Log the open risks
No independent pen-test attestation is complete yet. Cross-cloud database replication, auth failover, HSM custody, and unplanned full-region failure tolerance are not claimed.
Security review can proceed against the current pilot scope. Production cutover, unattended data-tier failover, and stronger assurance claims require separate evidence gates.