Trust center

Everything an auditor would ask us on day one, in one place.

Attestations and certifications

Simple Intelligence is pursuing the following attestations for Simple Council:

  • SOC 2 Type 2 — Type 1 readiness assessment in progress; Type 2 observation window planned for the second half of 2026.
  • ISO/IEC 27001 — gap assessment scheduled.
  • Microsoft Solutions Partner for Security — active.
  • Microsoft Intelligent Security Association — application planned post-GA when three joint customers are live.

Customers under non-disclosure may request a copy of the most recent readiness report at trust@simpleintelligence.io.

Blueprint coverage

Simple Council ships blueprints for ISO 42001, EU AI Act, NIST AI RMF, HIPAA, HITRUST, FFIEC, SR 11-7, FINRA, CMMC L2, FEDRAMP, and SOC 2. Custom blueprints are available on Growth and above.

Engineering practices

  • Multi-tenant isolation asserted in CI on every change via the §18 Playwright suite (a canary agent in a second tenant must never appear in the first tenant's pages or in the auditor export).
  • Every operator action writes an AuditLog row; every MCP call writes a McpAudit row.
  • Evidence is append-only and SHA-256 chained per (agent, control). Chain breaks are surfaced at the top of every auditor export.

Coordinated disclosure

Email security@simpleintelligence.io. We acknowledge within two business days and aim to publish a fix within 90 days of validated reports.