[TRUST CENTER · ONE PAGE, EVERY ANSWER]

Built for your auditor.

Procurement questionnaires usually take weeks. Ours takes one URL. Download our evidence pack, verify the audit log live, and skip the back-and-forth.

[AUDIT INTEGRITY · VERIFIED]

Tamper-evident log chain holds.

Every privileged action is hash-chained to the next. Modify, insert, or delete any past entry and the chain breaks — visibly, on this page.

8,793entriesverified just nowrefresh · 2 min
Patent Pending · OOH™

Omniscient Orbital Harmony.

OOH is Vigilant Entities' proprietary venture-grading model. Patent Pending · USPTO 63/PCT route.

Treat every startup as a small planet, orbited by seven satellites. Each satellite is independently scored by a dedicated AI agent. Yusuf — the council moderator — synthesises them into a single composite OOH Score (0–100) the holding company can defend in front of any investor or regulator.

Multi-perspective by design

Seven sovereign AI agents — Problem-Solution Fit, Product-Market Fit, Scale, Risk, Capital, People, Sovereignty — orbit each venture. No single model can game the score because no single model sees the whole picture.

Sovereign data isolation

Each orbital agent runs air-gapped inside your tenant. A leak in one satellite cannot compromise another. Telemetry never leaves the cluster.

Evidence-gated milestones

Points only count when a documented artefact is on file. The OOH score is auditable end-to-end — every percentage point traces back to a timestamp, a file, and a clearer.

Orthogonal, not sequential

Most frameworks (Maurya, Y Combinator) measure linear progress. OOH measures depth simultaneously — Asabiyyah, Sovereign Alignment, Capital Stewardship, and Founder Resilience all compound with — not after — your lean track.

OOH™ is a trademark of Vigilant Entities. Method patent pending — unauthorised reproduction prohibited.

Frameworks

Aligned with international standards.

[OWASP]
OWASP ASVS + Top 10

Full coverage matrix. Strict CSP, HSTS, anti-CSRF, brute-force lockouts, per-device JWT, hash-chained audit log.

[ISO/IEC]
ISO 27001 (Annex A)

Clause-by-clause: A.5 policies, A.9 access control, A.10 cryptography, A.12 logging, A.13 network, A.15 supplier risk, A.16 IR.

[SOC 2]
SOC 2 Type II readiness

TSC CC1, CC6, CC7, CC8, CC9 addressed. Audit trail, change mgmt, vendor risk register, IR playbook in place.

[NIST]
NIST 800-53 (Moderate)

AC, AU, IA, SC, SI families. AU-9 tamper-evident logs verifiable live above.

[GDPR]
GDPR Art. 15 / 17 / 20 / 32 / 33

Right to access + export + erasure available from your Profile. 72h breach notification process documented.

[NIST]
NIST 800-63B passwords

12+ char minimum, blocklist against known breaches, no forced rotation, MFA-like passwordless magic-links.

Evidence pack

Download what your auditor needs.

Every document is signed with a SHA-256 fingerprint — verify what you got is what we published.

[ONE-PDF PACK · SIGNED]
Send to your CISO in a single attachment.

All 8 docs bundled into one PDF with a cover page, table of contents, per-doc SHA-256 manifest, audit-chain head, and the PGP fingerprint for verification. Regenerated whenever a source doc changes.

bundle 360142cc8a3c…2026-07-04 23:35 UTCaudit 32f3afde2a…84.2 kB · 8 docs
Trust Pack PDF
[PERSONALISED FOR YOU]
Get a signed copy stamped with your name.

Same 8-doc bundle, plus a recipient page + faint per-page watermark with your email and a unique tracking token. The token also lives invisibly in the PDF metadata so we can attribute any later leak back to the original recipient.

Or pick individual documents
  • Security Overview
    Top-level security posture, OWASP/ISO/SOC2/NIST/GDPR coverage matrix, runtime controls.
    33fe37b0c953c3d5…6/8/20269.2 kB
    .MD
  • Threat Model (STRIDE)
    STRIDE per asset, attacker personas, residual risks. Quarterly review.
    290ad14166d53105…6/8/20267.3 kB
    .MD
  • RBAC Matrix
    Full role × capability matrix + enforcement points.
    055e024cab63c498…6/8/20266.3 kB
    .MD
  • Incident Response Playbook
    Detect → Triage → Contain → Eradicate → Recover. Regulatory clocks (GDPR 72h, PCI, etc.).
    de9d6a4e0892e7a7…6/8/20265.6 kB
    .MD
  • Backup & Restore Runbook
    RTO/RPO, restore procedures, encryption-at-rest, tabletop drill log.
    9c0f103cf5ff4f94…6/8/20265.6 kB
    .MD
  • Vendor Risk Register
    Per-vendor data shared, DPA status, SOC 2 status, sub-processors.
    3ad16405e3c12038…6/8/20265.5 kB
    .MD
  • Dependency Audit Baseline
    pip-audit + yarn audit CVE counts + remediation plan.
    faedf0a1cca2efbc…6/8/20263.8 kB
    .MD
  • Data Processing Addendum (DPA) — Template
    GDPR Article 28 DPA template incl. SCC Module 2, sub-processor register, security measures. Countersign-ready.
    dfca23bbc37c0e82…6/8/20268.1 kB
    .MD
CycloneDX SBOM (JSON)
Responsible disclosure

Found a bug? Tell us — encrypted.

Sub-processors

Every vendor we touch.

Full risk register at VENDOR_RISK.md (above).

VendorPurposeTierResidencyDPASOC 2
StripePayment processingT1US (EU replicas)✓ SignedType II
HostingerTransactional email (SMTP)T2EU (Lithuania)✓ SignedIn progress
AWSInference + storageT1Tenant-chosen✓ SignedType II
CloudflareCDN + WAF + TLS edgeT3Global edge✓ SignedType II
Still need more

Get the formal pack delivered.

SOC 2 letter + DPA + pen-test summary — sent on request. Email security@vigilantentities.com with your procurement team's CISO copied.

Live security page
Original text
Rate this translation
Your feedback will be used to help improve Google Translate