Overview
Many Scrums.com clients operate in regulated industries — FinTech, Banking, Insurance, Healthcare — where compliance is not optional. SEOP is designed to support common regulatory requirements and provide the documentation, audit trails, and controls that regulated businesses need.
Supported compliance frameworks
Scrums.com engineering teams and delivery processes are aligned with the following frameworks on the Enterprise plan:
| Framework | Applicability |
|---|---|
| SOC 2 Type II | Data security and availability |
| ISO 27001 | Information security management |
| GDPR | Data protection for EU/UK data subjects |
| POPIA | Data protection for South African data subjects |
| PCI DSS | Payment card industry data security (advisory) |
Compliance framework alignment applies to the Enterprise plan. Standard and Recommended plans include baseline security controls but may not satisfy the full requirements of regulated audits.
Compliance support in practice
Audit-ready delivery documentation — Sprint records, delivery reports, and change logs are retained and exportable. All delivery activity within SEOP is timestamped and attributable.
Secure development practices — Engineers follow OWASP secure coding standards. SonarCloud is used for continuous vulnerability scanning across all managed codebases.
NDA management — Scrums.com provides South African and International NDA options, managed digitally through the platform. NDAs are executed before engineers access client systems or code.
Vendor risk assessment support — Enterprise clients can request a completed vendor risk questionnaire from Scrums.com’s compliance team.
Data residency
Enterprise clients can specify data residency requirements — for example, requiring that delivery data and client code remain within a specific geographic region. Contact your Enablement Partner to discuss data residency options during onboarding.
Requesting compliance documentation
To request compliance documentation (SOC 2 report, ISO 27001 certificate, completed vendor risk questionnaire), contact legal@scrums.com or raise the request through your Enablement Partner.