> ## Documentation Index
> Fetch the complete documentation index at: https://developers.callaro.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance

> Prepare procurement and security review with compliance posture guidance, control mapping expectations, and request workflow.

# Compliance review should map controls to your deployment model.

<CardGroup cols={2}>
  <Card title="SOC 2" icon="badge-check">Control coverage and report availability are provided through formal enterprise review channels.</Card>
  <Card title="ISO 27001" icon="shield">Certification scope and applicability should be validated against your required control domains.</Card>
  <Card title="GDPR" icon="globe">Data-processing commitments and deletion workflows should be reviewed in your DPA process.</Card>
  <Card title="DPDP" icon="file-lock-2">India-specific data handling and consent workflows should be evaluated for your use case.</Card>
</CardGroup>

## Typical enterprise review package

* Security overview and architecture summary
* Data processing and retention policy references
* Access control and key-management model
* Incident response and escalation process
* Subprocessor or data-transfer documentation (as applicable)

## Customer-side control mapping checklist

| Control area            | What to validate                                      |
| ----------------------- | ----------------------------------------------------- |
| Identity and auth       | Key scopes, JWT boundaries, rotation process          |
| Data lifecycle          | Retention, deletion, export, and redaction workflow   |
| Monitoring and response | Alerting, incident escalation path, replay capability |
| Vendor governance       | Subprocessor list and transfer safeguards             |
| Business continuity     | Support path, SLA commitments, recovery procedures    |

## Request flow

<Steps>
  <Step title="Open enterprise review request">
    Submit account details, expected go-live date, and required compliance framework.
  </Step>

  <Step title="Share control questionnaire">
    Provide your procurement/security questionnaire and required evidence list.
  </Step>

  <Step title="Review responses with stakeholders">
    Validate technical, legal, and procurement acceptance criteria.
  </Step>

  <Step title="Track residual risks and approvals">
    Document any accepted risks and required compensating controls before launch.
  </Step>
</Steps>

<Note>
  If you require contract-specific commitments, coordinate with your account and legal stakeholders during formal review rather than relying on public docs alone.
</Note>

## What to do next

* Review [`./security`](./security) for technical control framing.
* Review [`./data-processing`](./data-processing) for lifecycle and transfer considerations.
* Review [`./sla`](./sla) to align incident and continuity expectations.
