Security diligence
Riggr provides a high-level security description on the public site. Tier 1 buyers usually complete a deeper review under NDA. Do not claim ISO 27001 or SOC 2 unless your organisation has an audited attestation or a leadership-approved roadmap with dates.
Data residency
The target is UK/EEA processing for customer and workforce data (with UK GDPR as the primary compliance frame), and primary support aligned to UK programmes. Map your actual subprocessors (hosting, messaging, finance integrations, AI providers if enabled) and honestly document any elements outside the UK/EEA in the data processing summary and customer DPA.
Deployment model: Riggr is a multi-tenant cloud service. The near-term roadmap does not require separate-tenant marketing emphasis; dedicated or stronger isolation may be evaluated for named enterprise contracts, so ask during diligence rather than assuming a fixed catalogue SKU.
What we typically provide under NDA
- Completed security questionnaire (your template or a standard SIG-style questionnaire).
- Architecture overview — logical diagram, identity model, and data flows relevant to the Riggr platform.
- Penetration testing summary or full report — subject to redaction policy.
- Incident response and breach notification commitments — in the customer DPA as agreed.
Governance context
For access control and audit expectations at a business level, see Governance & audit.