Trust Center: Security, Compliance & Human-First Quality

A single source of truth for how we secure, govern, and deliver human-verified quality. Review our access standards, incident playbooks, risk and continuity frameworks, workforce controls, and Human-Only (Zero-AI) policy.

Version 1.2 — 07 Jan 2025

Access Control & Authentication Standard (SSO/MFA & Least Privilege)

A rigorous enterprise access-management standard covering SSO + MFA by default, bastion-only admin, quarterly entitlement reviews, SIEM monitoring, secrets in vault with scheduled rotation, and zero-trust endpoint/network safeguards. Built for ISO 27001/NIST controls, audit evidence, and least-privilege enforcement across cloud, SaaS, and endpoints.

Version 1.2 — 07 Jan 2025

Security Program & Control Framework (ISO/NIST Aligned)

Overview of GoTranscript’s ISMS: ISO 27001/27002/27017/27018 and NIST CSF alignment, risk governance, classification/retention model, incident management (72-hour breach window), IT Ops hardening, and secure SDLC. Ideal for due diligence, RFPs, and auditor desk reviews.

Version 1.2 — 07 Jan 2025

Workforce Security & Training Policy

Enterprise people-security: automated joiner/mover/leaver access via SSO + MFA, 90-minute induction, U.S. DoD PII training within 30 days, monthly micro-lessons, quarterly phishing tests, and 4-hour leaver off-boarding SLA with immediate secrets rotation. Evidence-ready for audits and BAAs.

Version 1.2 — 07 Jan 2025

Security Incident Response & Malware Defense Standard

Formal IR playbook (Preparation→Detection→Containment→Eradication→Post-Incident), 15-minute reporting rule, ICO/GDPR 72-hour notice guidance, 7-year evidence retention, and a hardened EDR/AV stack (Defender, CrowdStrike, ESET, GuardDuty) with upload scanning and quarterly EICAR tests. Built for regulated environments.

Revision 4 — 27 Sep 2025

Corporate Information Security Policy

The governing policy for confidentiality, integrity, and availability across the company: classification, third-party handling, secure storage/disposal, change management, incident response, continuity, and compliance. Clear scope/definitions for audit readiness and regulator engagement.

Version 1.2 — 07 Jan 2025

Operational Resilience & Business Continuity Framework

Uptime and recovery commitments for enterprise buyers: ≥99.9% availability, RTO ≤1 hour, RPO ≤15 minutes, multi-AZ design, cross-region encrypted backups with integrity checks, annual failover exercises and tabletops, and IR integration with 72-hour breach notifications where required.

Version 1.2 — 07 Jan 2025

IT Operations Security Controls & KPIs

Day-to-day control ownership and evidence streams for audits: patch SLAs (critical ≤14 days), 100% encryption/MFA/backups, real-time CMDB, IaC change control, KPI dashboards, and training/IR drill cadence. Maps ISMS requirements to accountable ops tasks and reporting.

Last updated — 19 Jan 2025

Human Quality Assurance (Precisa QMS): Vetting & Two-Pass Editing

Enterprise-grade human QA program: selective intake, language-specific testing in 40+ languages, mandatory two-person review on every file, continuous scoring, calibrated editors, and strict NDA/least-exposure handling — designed for HIPAA/GDPR-sensitive workloads.

Version 1.2 — 07 Jan 2025

Security Risk Management Policy (ISO 27001 / NIST CSF)

How we identify, score, treat, and govern risks: quarterly reviews, executive Security Leadership Review, residual-risk sign-off, control mapping to ISO 27001/27017/27018, NIST CSF, PCI DSS and OWASP ASVS; integrates with access control, continuity, classification, and incident response.

Version 1.2 — 07 Jan 2025

Human-Only Processing (Zero-AI, if needed) Policy

A clear customer-assurance stance: no AI systems process client data. Network and endpoint blocks, software allow-listing, monthly audits, onboarding/annual training, and disciplinary enforcement via the ISMS incident process. Ideal for regulated and privacy-sensitive engagements.