Public Trust Resource

Trust and Compliance Positioning

Dootsa maintains a compliance-aligned, evidence-driven security and privacy program. This page describes current framework positioning and approved external language for enterprise, government, and election-body reviewers.

Government and Election Bodies

Civic outreach is district-scoped (province, municipality, ward) — not individual-targeted.

Location-verified surveys and election POC flows are non-voting feedback systems.

External code review uses Tier 1 evidence bundles by default; Tier 2 read-only repo requires dual approval.

Verified certifications and a posture summary are available via public compliance APIs.

ISO/IEC 27001 ISMS certification pursued via SANAS-accredited bodies (SANS-adopted standards); 27701 and 27017/27018 phased thereafter.

Machine-readable posture: /api/public/compliance/posture · Audit intake templates

Framework Positioning

POPIA

Operator controls for purpose limitation, data minimisation, security safeguards, and auditable disclosure through least-privilege evidence grants.

SOC 1

Not currently attested. SOC-style governance and control evidence can be shared for risk review.

SOC 2

Not currently attested. We operate a SOC 2-aligned control program with readiness artifacts and evidence collection.

ISO 27001

ISO 27001-aligned ISMS with documented scope, SoA, and risk register. Certification is being pursued via a SANAS-accredited body; verified status will be shown on this page when complete.

ISO 27701 / 27017 / 27018

Phased roadmap after 27001: privacy extension (27701) and cloud SaaS controls (27017/27018). SANS-adopted equivalents apply in South Africa.

PCI-DSS

Not currently certified/attested. PCI obligations are managed based on cardholder-data scope and contractual requirements.

HIPAA

Not operated as a HIPAA-covered production environment by default. HIPAA mode is enabled when PHI scope and BAAs are formally in place.

EU Model Clauses (SCCs)

Supported through SCC legal workflows and transfer safeguard documentation, subject to signed agreements.

Evaluating Dootsa for procurement? See Dootsa for Businesses and the audit request templates. Enterprise pack: enterprise readiness brief. Certifications API: /api/public/compliance/certifications.