Governance, data, and audit

Use this summary with procurement, HSEQ, and IT reviewers. Update specifics to match your live controls and subprocessors.

Data handling

• Purpose limitation — personal and job data processed only to deliver contracted field services, compliance, invoicing, and safety obligations.
• Access control — role-based access for ops, clients, and scoped subcontractor accounts (where enabled).
• Retention — aligned to contract and statutory requirements; export and deletion handled per agreement.

Subcontractor access

• Scoped visibility — subcontractors see only what their role requires (e.g. assigned jobs, packs, certifications).
• Onboarding — accreditation and competency checks before deployment to site.

RAMS and e-sign

Job packs support controlled issuance of RAMS and method statements. E-signatures and audit trails are treated as enterprise must-haves — describe current production behaviour honestly in diligence; flag roadmap items when asked.