Compliance Framework
1. Our Commitment to Compliance
Provenance Software PTE LTD (UEN: 202412345A), incorporated in Singapore, is committed to maintaining the highest standards of compliance across all regulatory frameworks relevant to our operations and the VeriPass platform. As a Singapore company, we operate under Singapore law and regulations while supporting global compliance requirements for our clients.
2. Data Protection and Privacy Compliance
GDPR Compliance
Our platform adheres to the European Union's General Data Protection Regulation, ensuring proper handling of personal data for EU citizens and businesses.
PDPA Singapore
We comply with Singapore's Personal Data Protection Act, maintaining appropriate data governance for our primary jurisdiction.
SOC 2 Type II
Our security controls are audited annually to ensure the security, availability, and confidentiality of customer data.
ISO 27001
Our information security management system follows international standards for protecting sensitive information.
3. Supply Chain Regulatory Framework Support
VeriPass is designed to help organizations comply with major supply chain regulations worldwide:
EU Deforestation Regulation (EUDR)
Effective: December 30, 2024
Our platform provides comprehensive tracking and documentation to ensure commodities (cattle, cocoa, coffee, palm oil, rubber, soy, and wood) are deforestation-free and legally sourced.
Key Features:
- Geolocation tracking and mapping
- Legal compliance verification
- Due diligence documentation
- Risk assessment and monitoring
US Lacey Act
Jurisdiction: United States
VeriPass helps ensure imported products comply with laws of the country of harvest, particularly for wood and wood products.
Key Features:
- Species identification and documentation
- Country of harvest verification
- Legal sourcing certificates
- Chain of custody tracking
Environment Protection and Biodiversity Conservation Act (EPBC)
Jurisdiction: Australia
Our platform supports compliance with Australia's environmental protection requirements for imported goods.
Key Features:
- Environmental impact assessments
- Biodiversity protection verification
- Sustainable sourcing documentation
- Compliance reporting tools
Wildlife Protection Act
Scope: International wildlife trade regulations
VeriPass assists with CITES compliance and wildlife protection requirements for relevant supply chains.
Key Features:
- CITES permit tracking
- Species protection verification
- Legal wildlife trade documentation
- Endangered species monitoring
4. Industry Certifications and Standards
Our platform supports various industry certification standards:
5. Security and Technical Compliance
5.1 Information Security
- ISO 27001: Information security management system certification
- SOC 2 Type II: Annual third-party security audits
- Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Access Controls: Multi-factor authentication and role-based access controls
- Monitoring: 24/7 security monitoring and incident response
5.2 Cloud Security
- Infrastructure hosted on certified cloud providers (AWS, Azure)
- Regular penetration testing and vulnerability assessments
- Compliance with cloud security frameworks (CSA CCM, NIST)
- Geographic data residency options
6. Business Compliance
6.1 Corporate Governance
- Singapore company registration (UEN: 202412345A) and good standing with ACRA
- Compliance with Singapore Companies Act and corporate governance requirements
- Regular financial audits and reporting as required by Singapore law
- Board oversight and governance policies aligned with Singapore best practices
- Anti-corruption policies compliant with Singapore's Prevention of Corruption Act
- Adherence to Monetary Authority of Singapore (MAS) guidelines where applicable
6.2 Operational Compliance
- Quality management system (ISO 9001)
- Business continuity and disaster recovery plans
- Employee training and certification programs
- Vendor management and third-party risk assessment
7. Audit and Transparency
7.1 Internal Audits
We conduct regular internal audits to ensure ongoing compliance with all applicable standards and regulations.
7.2 Third-Party Audits
Annual third-party audits verify our compliance with security, privacy, and operational standards.
7.3 Compliance Reporting
We maintain detailed compliance documentation and can provide attestations and reports to customers upon request.
8. Customer Compliance Support
8.1 Documentation and Training
- Comprehensive compliance guides and documentation
- Regular webinars and training sessions
- Best practices and implementation guides
- Regulatory update notifications
8.2 Professional Services
- Compliance consulting and advisory services
- Custom implementation and integration support
- Audit preparation and support
- Regulatory interpretation and guidance
9. Continuous Improvement
Our compliance program is continuously evolving to address:
- New and changing regulatory requirements
- Industry best practices and standards
- Customer feedback and needs
- Technological advancements and security threats
- Global supply chain trends and challenges
10. Compliance Incidents and Reporting
10.1 Incident Response
We maintain a formal incident response process for any compliance-related issues, with defined escalation procedures and communication protocols.
10.2 Breach Notification
In the event of a data breach or compliance incident, we will notify affected customers and relevant authorities within the timeframes required by applicable law.
11. Contact Our Compliance Team
For compliance-related questions, audit requests, or regulatory inquiries, please contact us:
- Email: Use the contact form on our main website
- Phone: +855 15 633 310 (business hours)
- Address: Provenance Software PTE LTD, Singapore
We will respond to compliance inquiries within 5 business days of receipt.
For regulatory matters specific to Singapore operations, we maintain direct communication channels with relevant authorities including PDPC, ACRA, and other regulatory bodies as required.