Most security reviews ask the same 200 questions. We've published the answers. Request an NDA, and you'll receive the full pack — audit reports, control mappings, sub-processor list, pen-test summary, and a pre-completed CAIQ — within one business day.
Click any artefact to request it. NDA gets returned signed within 4 business hours; document pack follows within 24 hours.
Independent attestation of our security, availability, processing integrity, confidentiality and privacy controls over a 12-month observation window.
Information security management system. Issued by an accredited certification body covering all production Cyfriq services.
Privacy information management system extension to ISO 27001. Covers data-principal rights, breach handling, and DPO controls.
Cloud Security Alliance Consensus Assessments Initiative Questionnaire — 261 pre-answered control questions covering our entire cloud-native stack.
Standardized Information Gathering questionnaire — pre-completed full and lite versions. We respond to vendor-specific questionnaires within 5 business days.
Executive summary of the most recent third-party penetration test against the Cyfriq production environment. Findings, severity, remediation status.
Third-party readiness assessment mapping Cyfriq controls to the Data Protection Board's expected obligations for Data Fiduciaries and Processors.
Complete list of third parties processing customer data on behalf of Cyfriq. Includes purpose, location, and security attestations of each.
DPDP- and GDPR-aligned DPA covering all processing activities, sub-processor disclosure, breach notification SLAs and data residency.
Logical data-flow diagram showing customer endpoints → Cyfriq edge → policy engine → KMS-wrapped storage → WORM audit. Buyer-level detail.
Coordinated vulnerability disclosure. Researchers can submit findings to security@cyfriq.com. We acknowledge within 1 business day.
Live production status, current incidents (if any), and historical uptime by component. Subscribe for incident notifications.
Different procurement teams use different questionnaire formats. Send yours — Excel, Word, PDF, vendor portal link — to security@cyfriq.com. We'll return it pre-completed with evidence attachments.
Cyfriq is built on ShaktiDB — India's indigenous, open-source, PostgreSQL-forked database, incubated at and backed by IIT Madras Pravartak. Engineered for sovereignty, ACID-compliant, and designed to align with RBI regulations and CERT-In's SBOM directive. The trust we ask you to place in Cyfriq rests on a foundation built for it.