soc2In progress
SOC 2 Type II
In Progress (audit Q4 2026)Type I criteria implemented. Type II audit kicked off with a qualified independent auditor; report expected Q4 2026.
DGM ONE · TRUST CENTER
One place for everything your security, legal, and procurement teams will ask.
Certifications, controls, subprocessors, status, and policy — kept current and accessible. Request gated artifacts (SOC 2 report, pen test summary, DPA) with a short NDA flow.
CERTIFICATIONS & ATTESTATIONS
Where we are on the security frameworks that matter for enterprise.
Honest status: what's in place today, what's in progress, what's on the roadmap. We don't claim badges we haven't earned.
iso27001In progress
ISO/IEC 27001:2022
Roadmap (FY26)Control framework mapped. Certification audit planned for FY26 H2 to support EU and APAC enterprise accounts.
iso9001Current
ISO 9001 QMS
AlignedQuality management practices aligned with ISO 9001 to support partner-prime QHSE programs.
gdprCurrent
GDPR & UK GDPR
CompliantDPA available on request. EU-based subprocessors with SCCs where required. DPO contact: privacy@dgmone.com.
ccpaCurrent
CCPA / CPRA
CompliantConsumer rights workflow in place. We do not sell personal data.
hipaaCurrent
HIPAA-ready
AvailableBAA available for pharma / clinical logistics customers handling regulated data.
Live status
All systems operational · 99.99% rolling 90-day uptime
CONTROLS
Operational controls in place.
The list your IT, security, and legal teams will ask about — answered up front.
- Single tenant deployments available for enterprise customers
- AES-256 at rest, TLS 1.3 in transit
- SSO via SAML 2.0 + OIDC; SCIM 2.0 for provisioning
- Role-based access control (RBAC) at module + shipment scope
- Tamper-evident audit logs with cryptographic chain
- Backups: daily encrypted snapshots, 30-day retention, geo-redundant
- Customer-managed encryption keys (BYOK) on request
- Annual third-party penetration testing
- Quarterly internal access reviews
- Vulnerability disclosure program at security.dgmone.com/vdp
DATA RESIDENCY
Where your data lives is your choice.
United States
AWS us-east-1 + us-west-2 (primary)
European Union
AWS eu-west-1 (Ireland)
Asia Pacific
AWS ap-southeast-1 (Singapore) — on request
SUBPROCESSORS
Vendors that may process customer data.
We notify customers before adding a new subprocessor. AI providers do not train on your data.
| Subprocessor | Purpose | Region |
|---|---|---|
| Amazon Web Services (AWS) | Hosting, storage, encryption | US, EU, APAC |
| Cloudflare | Edge, WAF, DDoS protection | Global |
| Stripe | Billing & subscription payments | US |
| Postmark / Resend | Transactional email | US / EU |
| Anthropic | AI classification model API (no training on customer data) | US |
| Datadog | Observability & metrics | US, EU |
| Sentry | Error monitoring | US, EU |
DOCUMENTS
Request what you need for vendor reviews.
Tell us which document and which inbox — public artifacts land within one business day. Gated artifacts (SOC 2 report, pen test summary, custom DPA) ship after a short NDA exchange.
SOC 2 Type I reportNDA
Request via NDASOC 2 Type II reportNDA
Expected Q4 2026
Available later — get notifiedPenetration test executive summaryNDA
Request via NDASecurity overview whitepaperPublic
Email me a copyData Processing Agreement (DPA)Public
Email me a copySubprocessor list (latest)Public
Email me a copyAI governance & DPA addendumPublic
Email me a copyVulnerability Disclosure PolicyPublic
Email me a copyGET A WALKTHROUGH
See DGM One on your own shipments.
Bring a real shipper's declaration. We'll show you classification, document generation, and audit export live — in under 30 minutes.