Compliance Center

Security & Compliance Program

Policies, risk register, and vendor assessments that govern how EcoService Pro protects customer data. This page is maintained by EcoPowerHub AI LLC for prospects, auditors, and internal review. For disclosures contact engmartin@ecopowerhub.ai.

Vendor Risk Assessment — Template

Use this template for every new sub-processor before production data touches them, and re-run annually.


1. Vendor identity

  • Name:
  • Website / product:
  • Service provided to EcoService Pro:
  • Data classes shared: ☐ Public ☐ Internal ☐ Confidential (PII) ☐ Restricted (secrets)
  • Data residency:
  • Sub-processor list URL:

2. Contract & legal

  • ☐ Master Services Agreement / ToS on file
  • ☐ Data Processing Agreement (DPA) signed
  • ☐ Standard Contractual Clauses (SCCs) if EU/UK data leaves EEA
  • ☐ Business Associate Agreement (if PHI — N/A for EcoService Pro today)
  • Renewal date:

3. Security posture

  • ☐ SOC 2 Type II report reviewed (date: )
  • ☐ ISO 27001 certificate reviewed
  • ☐ PCI DSS AoC (if payments)
  • ☐ Public security page / trust portal URL:
  • ☐ Encryption at rest (algorithm):
  • ☐ Encryption in transit (TLS version):
  • ☐ MFA available and enforced on our tenant
  • ☐ Audit log / access log accessible to us

4. Operational

  • Uptime SLA:
  • Historical uptime (last 12 mo):
  • Incident notification SLA:
  • Support tier & response time:
  • Data export / portability:

5. Data lifecycle

  • What we send:
  • What we retrieve:
  • Retention on vendor side:
  • Deletion process on termination:

6. Risk scoring (reuse register: L × I)

| Aspect | L | I | Score | | --- | :-: | :-: | :-: | | Data exposure | | | | | Availability | | | | | Lock-in | | | | | Compliance | | | | | Overall | | | |

7. Decision

☐ Approved ☐ Approved with compensating control ☐ Rejected

  • Compensating controls:
  • Reviewer:
  • Approver (CEO / Security Lead):
  • Approval date:
  • Next review date:

Version-controlled source of truth for this document lives in the project repository. Material changes are reviewed by the Security Lead and approved by the CEO.