Now AnnouncingHercules × CyBlack Cohort Training Partnership·Jointly accelerating hands-on cyber workforce readiness across enterprise teams·Now AnnouncingHercules × CyBlack Cohort Training Partnership·Cohort programme for security teams, analysts and compliance leads·
Join the next cohort

Trust Center

Security Controls and Evidence Mapping

Hercules applies tenant isolation, strict validation, protected auth flows, and request-scoped auditability. The matrix below maps active controls to major framework domains.

Last updated: 2026-03-21

Control DomainFramework MappingCode/Operational Evidence
Access ControlISO 27001 A.5.15, SOC 2 CC6RS256 auth, role checks, tenant-scoped authorization middleware
Tenant SegregationISO 27001 A.8.2, SOC 2 CC7, CBN Risk-Based Cybersecurity FrameworkPostgreSQL RLS with tenant context enforced on every query
Secure DevelopmentISO 27001 A.8.28, SOC 2 CC8TypeScript strict mode, Zod validation, CI lint/type/test gates
Monitoring and LoggingISO 27001 A.8.15, SOC 2 CC7Structured request-scoped logs, audit log with operator attribution, 90-day retention
Resilience and ContinuityISO 27001 A.5.30, SOC 2 A1, CBN BCM expectationsHealth/readiness checks, managed database and Redis services, graceful shutdown
Data Minimisation and Lawful BasisNDPR Art. 2.1-2.3, NDPA 2023 Ch. 3Names, work emails, and interaction events only. Lawful basis: legitimate interest for security awareness training.
Data Subject RightsNDPR Art. 2.6, NDPA 2023 Ch. 4Rights requests acknowledged within 72 hours and coordinated with tenant-controller as data controller
Cross-Border Transfer SafeguardsNDPR Art. 2.11, NDPA 2023 Ch. 7Contractual DPA safeguards; Railway infrastructure disclosed; tenant-controllers advised on CBN residency obligations

Downloadable Artifacts

Control Mapping Matrix (CSV)

Framework domain to control coverage mapping used in procurement reviews.

v2026.03.04.1 • Updated 2026-03-04Verified against code/deploy posture

Download

Security Contact SLA (TXT)

Response-time commitments for customer-reported security issues.

v2026.03.04.1 • Updated 2026-03-04Verified against code/deploy posture

Download

Incident Response Summary (TXT)

Notification and escalation summary aligned to current operational process.

v2026.03.04.1 • Updated 2026-03-04Verified against code/deploy posture

Download

← Back to Trust Center