Compliance and certifications
Last updated Mar 31, 2026
MultiClaw's security and privacy controls align with ISO 27001, 27017, 27018, 27701, and ISO 22301. Each standard's status and scope are noted below, along with SOC 2, penetration testing, and procurement documentation details.
To request audit documentation or ask about certification timelines, email legal@multiclaw.io.
Alignment vs certification
"Aligned" means MultiClaw's controls follow a standard's methodology and requirements, but MultiClaw has not undergone a formal third-party certification audit against that standard. Alignment reflects an active, internal effort to meet each standard's control objectives.
Procurement teams evaluating MultiClaw as a vendor can request a controls matrix mapping MultiClaw's practices to specific ISO control objectives. Email legal@multiclaw.io for the current matrix or the audit roadmap.
Standards summary
| Standard | What it covers | MultiClaw status |
|---|---|---|
| ISO/IEC 27001:2022 | A framework for managing risks to information assets through policies, controls, and continuous improvement | Aligned. Not formally certified — email legal@multiclaw.io for the audit roadmap. |
| ISO/IEC 27017:2015 | Extends ISO 27001 with cloud-specific controls for shared responsibility, virtual machine hardening, and data isolation | Aligned |
| ISO/IEC 27018:2019 | Controls for how cloud providers handle personal data, including consent, transparency, and data portability | Aligned |
| ISO/IEC 27701:2019 | Extends ISO 27001 with privacy controls that support GDPR and other data protection regulations | Aligned |
| ISO 22301:2019 | Business continuity management: ensures critical services can continue during and recover from disruptions | Incident response and recovery planning aligned |
| GDPR | EU/UK data protection regulation governing personal data collection, processing, storage, and data subject rights | DPAs available on request. See Data processing agreement. |
SOC 2
MultiClaw is evaluating a SOC 2 Type II audit covering the security, availability, and confidentiality trust service criteria. No audit has been commissioned or started.
SOC 2 Type II measures how effectively controls operate over a sustained observation period. When an audit begins, the timeline and scope will be shared with customers who request it.
To discuss MultiClaw's current security posture or future audit plans, email legal@multiclaw.io.
Penetration testing
An independent security firm conducts regular penetration tests against MultiClaw's cloud infrastructure and application layer.
Summary reports are available to Enterprise customers under a mutual non-disclosure agreement (NDA). Contact legal@multiclaw.io to request access.
Procurement documentation
If your organisation requires a completed security questionnaire before purchasing, MultiClaw supports these formats:
- VSA (Vendor Security Assessment)
- SIG (Standardised Information Gathering Questionnaire)
- CAIQ (Consensus Assessments Initiative Questionnaire)
Email legal@multiclaw.io to request a completed questionnaire. Include the format you need and your target review date so the team can prioritise accordingly.
A Software Bill of Materials (SBOM) is not yet available. Email legal@multiclaw.io to enquire about SBOM availability and timeline.