Audit-ready,
by design.
SOC 2 control evidence tracking, GDPR Article 30 ROPA, DSR workflow with 30-day SLA, Article 33 72-hour breach notification, audit-log SIEM streaming, subprocessor registry, and DPA signing.
SOC 2 Type II · Trust Services
Period: 1 Jan 2026 → 30 Jun 2026
Controls. Evidence. Audit period.
Every Trust Services criterion mapped to OfficeBlink controls. Auto-collected technical evidence, manual workflow for the rest. Auditor-friendly export.
- CC + A + C + PI criteria mapped
- Auto-collected technical evidence
- Manual evidence workflow with owner
- Continuous evidence collection
- Auditor-friendly bundle export
- Audit period configuration
SOC 2 Type II · Trust Services
Period: 1 Jan 2026 → 30 Jun 2026
A live record of processing activities.
No more annual ROPA spreadsheet. Every processing activity, its legal basis, recipients, retention, and cross-border transfers — auto-discovered from the platform and surfaced for the DPO.
- Auto-discovered processing activities
- Legal basis per activity
- Recipient and sub-processor mapping
- Retention policy per data category
- Cross-border transfer registry
- Annual review reminder
Article 30 ROPA
30-day SLA, end-to-end.
Access, rectification, erasure, portability, restriction, objection — each with a workflow that locates the data, compiles the bundle, reviews internally, and delivers within statutory deadlines.
- Identity verification step
- Auto-locate data subject across modules
- Compile export bundle (machine-readable)
- Internal review with sign-off
- Delivery and receipt confirmation
- SLA timer with alerts
DSR · Right to Access
Article 33 timer starts on detection.
A breach record opens at detection. The 72-hour countdown is visible to everyone involved. Notification templates, supervisory authority directory, and Article 34 data subject notification — all built in.
- 72-hour countdown from detection
- Triage workflow with scoping
- Supervisory authority directory
- Notification template per jurisdiction
- Article 34 affected data subject notice
- Post-mortem template
Article 33 — 72-hour notification
Detected breaches start the clock automatically.
Every event, every actor, into your SIEM.
Audit logs stream to S3, HTTPS, or Kafka in JSON / NDJSON / CEF. Native consumers for Splunk, Datadog, Sumo Logic, and Elastic.
- S3 / HTTPS sink / Kafka topic
- JSON · NDJSON · CEF
- Actor, action, resource, tenant, IP
- Replayable from the dashboard
- Splunk · Datadog · Sumo · Elastic
- Custom shape via outbound transformer
Audit-log SIEM stream
Every event, every actor — streamed to your SIEM.
A trust page buyers can actually use.
The full subprocessor list, their purpose, region, and change history. DPA signing self-serve. Plus the latest SOC 2 letter under NDA.
- Live subprocessor registry
- Region and purpose per processor
- 30-day change notification subscription
- Standard DPA with SCC annex
- Self-serve DPA signing
- SOC 2 / pen-test letters under NDA
Subprocessor Registry
Compliance, answered.
Pass your next security review in a week.
See SOC 2 evidence, GDPR ROPA, DSR workflow, and breach timers in one walkthrough.
