Assurance calendar
Concrete dates and attestations tied to SOC/ISO engagements are exchanged under NDAs—not published here.
Rolling themes
- Quarterly — payments & invoice pipeline review; ticketing vendor posture; infra upstream contract renewals synced with subprocessor governance.
- Semi-annual — access-control hygiene drills (privilege reviews, MFA policy spot checks).
- Ad hoc — coordinated disclosure intake per security disclosure; customer-visible incidents follow post-incident FAQ tone.
SOC 2 Type II questionnaires should point to the stubs page unless your order references an executed attest report.