fastpace trust portal
Attestations

Where we are on certifications

Honest about timing. We will not claim certifications we don't hold. Reports are available under NDA on completion; request an evidence package to receive a signed copy. Source data: packages/trust-portal/src/data/attestations.json (last updated 2026-04-29).

Framework Status Target Scope & notes
SOC 2 Type I in progress Q3 2026 Self-hosted org dashboard infrastructure (the only fastpace-operated component)
Audit initiated; report available under NDA on completion.
SOC 2 Type II planned Q1 2027 Same as Type I plus a 6-month operating period
Follows successful Type I closure.
ISO/IEC 27001 planned Q2 2027 fastpace org dashboard infrastructure
ISO/IEC 42001 planned Q4 2027 AI management system — fastpace as both subject and tooling
Industry-first if achieved at this timeline.

Self-mapped framework coverage

Distinct from external attestations: fastpace ships a validated mapping doc tying every primitive to controls in NIST AI RMF, ISO/IEC 42001, EU AI Act, SOC 2, ISO 27001, and GDPR. Each row points at the artifact that demonstrates the control.

How to read it

External attestations (above) certify the operating environment. The mapping certifies what each fastpace install does. fastpace aibom generate --release <tag> produces the per-release attestation envelope (CycloneDX-AI flavor) that goes into a regulated software supply chain alongside SBOMs. fastpace gate check --format github drops straight into a GitHub Actions workflow to block merges that lack provenance, audit-chain integrity, or a fresh AI-BOM.

Need a security questionnaire answered?

We answer CAIQ, SIG Core, SIG Lite, VSA, and custom questionnaires under NDA. Turnaround under 5 business days. See all questionnaires or email security@fastpace.net.