UPSTREAM · SECURITY
ISO 9001:2015 certified · SOC 2-ready architectures · your data, your tenancy

Your data lives in your tenancy.

Every Upstream rebuild deploys to your cloud (AWS / GCP / Azure on accounts you own). Your code lives in your GitHub. Your data never sits on Allied BizTech infrastructure. We're a managed operator with revocable access — not a SaaS vendor holding your data hostage. Below: the security posture, certifications, and procurement-pack contents your CISO needs.

The four pillars

Security posture, stated plainly.

01 · CODE OWNERSHIP

Your GitHub. Your repo. Your IP.

All code committed to your GitHub org from day one of the build. We use deploy keys for CI/CD — revocable from your side at any time. MSA assigns IP to you on signing. Standard MIT license unless you specify otherwise. No "our framework, our terms" lock-in.

02 · DATA RESIDENCY

Your cloud account. Your region.

Deployed to your AWS / GCP / Azure account in the region you specify. We never aggregate customer data on Allied BizTech infrastructure. For multi-region failover or strict residency (GDPR, FINMA, MAS, etc.), specify the regions during the build — we deploy accordingly.

03 · ACCESS CONTROL

Least-privilege. Audit-logged. Time-bound.

During build: scoped IAM roles. During Managed Upstream: separate ops roles, audit-logged via CloudTrail / equivalent. SSO / SCIM integration for your identity provider. Time-bound access tokens. No shared accounts, no "the engineer used to know your root password" legacy.

04 · LLM PROVIDER POSTURE

Zero-retention by default.

For builds using Anthropic Claude / OpenAI / equivalent: we set up zero-retention enterprise contracts on your accounts. Your prompts and outputs are not used for training and are not retained server-side. This is stronger than the default posture of most third-party AI SaaS vendors (Harvey, Jasper, Spellbook, etc., who run on shared infrastructure).

Certifications + audit-readiness

Allied BizTech: ISO 9001:2015.

Below: what we're certified for, what your build is certified for, what your auditor will need.

Allied BizTech corporate

  • ISO 9001:2015 (quality management)
  • D-U-N-S 86-431-9607
  • CIN U72900TN2009PTC072281
  • PII-handling SOPs documented
  • Annual security awareness training (all staff)

Your build (default)

  • SOC 2-ready architecture
  • Encryption at rest (AES-256) + in transit (TLS 1.3)
  • Audit-logged access (CloudTrail / equivalent)
  • Backup + restore tested per release
  • Incident-response runbook
  • Documented data flow (for DPIA)

Your build (premium)

  • SOC 2 Type II audit support
  • HIPAA-grade (PHI flow design + BAA)
  • PCI-DSS (if handling card data)
  • GDPR / FINMA / MAS data residency
  • Penetration testing (3rd-party)
  • Source-code escrow agreement

Premium certifications quoted as additional scope on the rebuild — typically $15K–$45K depending on certification scope. We work with your existing auditor, or we can recommend SOC 2 / HIPAA-experienced firms (Vanta, Drata, A-LIGN, BARR Advisory).

Data handling FAQ

Do you sign DPAs?
Yes. Standard DPA template included in the procurement pack. We're a sub-processor in your data flow only insofar as you grant access to your environment. Sub-processor list maintained for the cloud + LLM providers we deploy on (AWS, Anthropic, OpenAI, Twilio, etc.).

Do you sign BAAs (HIPAA)?
Yes, for engagements where PHI is in scope. BAA covers our access to your environment. Underlying providers (AWS, Anthropic) sign their own BAAs with you on your accounts — we coordinate the chain.

What's your incident-response process?
Documented runbook. P1 (production down): 1-hour response on Pro+ tier, 4-hour resolution target. Post-mortem within 72 hours, written and shared. Customer notified within 24 hours of any data-handling incident affecting their environment.

Where is Allied BizTech based / staffed?
India HQ (Tamil Nadu). Engineering team primarily India + UK + AU. All staff under formal employment, not contractors-without-screening. Background checks on engineers handling regulated data. Annual security awareness training (documented).

Source-code escrow available?
Yes, on request for Enterprise Managed Upstream contracts. Standard 3rd-party escrow arrangement (Iron Mountain or equivalent) so you have recovery rights if we ever cease operations. Frankly, the code is in your GitHub already — escrow is belt-and-suspenders for procurement teams who require it.

Procurement pack: one email away.

MSA template, SOW template, DPA template, BAA template, ISO 9001 certificate, insurance certificate, security white paper, sub-processor list, incident-response runbook. Sent within 1 business day.

Why this works: AI-paired senior engineers raise the floor on quality + consistency · 250+ products shipped · direct vendor billing — you keep the wrapper margin.