Security diligence
Riggr provides a high-level description on the public site. Tier 1 buyers usually complete deeper review under NDA. Do not claim ISO 27001 or SOC 2 unless your organisation has an audited attestation or a leadership-approved roadmap with dates.
Data residency
The target is UK-based processing and primary support for customer and workforce data. Map your actual subprocessors (hosting, messaging, finance integrations) and document any non-UK elements honestly in the data processing summary and customer DPA.
What we typically provide under NDA
- Completed security questionnaire (your template or a standard SIG-style questionnaire).
- Architecture overview — logical diagram, identity model, and data flows relevant to the Riggr platform.
- Penetration testing summary or full report — subject to redaction policy.
- Incident response and breach notification commitments — in the customer DPA as agreed.
Governance context
For access control and audit expectations at a business level, see Governance & audit.
Contact us to start a questionnaire or diligence call.