Skip to content
Trust Center

Procurement artifacts, in one place.

Whitepaper, SIG-Lite pre-fill, BAA template, PCI responsibility matrix, MSA template, SOC 2 interim letter, customer references. Most arrive same business day after an NDA.

Security whitepaper

Request

How Ultiblob secures customer workloads end-to-end: encryption, identity, network, audit, incident response. 14 pages.

Request this artifact

SIG-Lite questionnaire (pre-filled)

Request

Our standard SIG-Lite answers pre-filled and signed. Drop into your vendor risk review.

Request this artifact

BAA template

Request

Our standard HIPAA Business Associate Agreement. Customer-redlinable; signed at engagement.

Request this artifact

PCI-DSS responsibility matrix

Request

Customer-vs-Ultiblob responsibility split across the 12 PCI-DSS sections. Used by tax firms and payment-handling SaaS.

Request this artifact

MSA template

Request

Our standard Master Services Agreement (Delaware-governed). Customer-redlinable. 90-day exit window included.

Request this artifact

SOC 2 Type II report (interim letter)

Under NDA

Auditor confirmation that the SOC 2 Type II engagement is underway with our chosen firm. Final report Q3 2026; current letter available under NDA.

Request this artifact

Customer reference request

Request

Talk to an existing Ultiblob customer in your industry. References available in healthcare, finance, and AI startup verticals.

Request this artifact

Why nothing is auto-downloaded. Procurement artifacts include legal language we want to track on a per-recipient basis (NDA acknowledgement, redline history, version pinning). Email requests get a same-business-day response with the artifact plus a short cover note from a senior engineer.

For broader posture (SOC 2 status, HIPAA controls, PCI statement), see the Trust & Compliance overview.

Compliance self-assessment

SOC 2 readiness check.

Trust services criteria. 8 questions. Roughly 3 minutes. Your answers stay in your browser — nothing is sent.

01
Security (CC6)TSC CC6.1 / CC6.2
Are logical access provisioning + revocation completed within a defined SLA, with evidence?
02
Security (CC7)TSC CC7.2 / CC7.3
Are production systems monitored 24/7 with defined response SLAs for security alerts?
03
Change mgmt (CC8)TSC CC8.1
Are production code changes peer-reviewed and approved before deployment, with audit trail?
04
Availability (A1)TSC A1.1 / A1.2
Are uptime SLOs measured and reported to customers, with documented incident handling?
05
Confidentiality (C1)TSC C1.1 / C1.2
Is sensitive data classified, encrypted at rest + in transit, and retention policies enforced?
06
Risk mgmt (CC3)TSC CC3.1
Is a formal risk assessment performed at least annually with documented mitigations?
07
Vendor mgmt (CC9)TSC CC9.2
Are vendor security reviews completed before onboarding and refreshed annually?
08
BCP (A1.3)TSC A1.3
Is the business continuity / DR plan tested at least annually with documented results?
0 of 8 answered · current score 0%
Speed up your review

Pre-fill your vendor risk questionnaire on a single call.

Send us your standard VRQ and we'll return it pre-filled, signed, and dated. Most teams finish vendor onboarding in days, not quarters.