|

Datagrasp

Datagrasp is a Governance, Risk, Compliance, and Security (GRCS) platform designed to help organizations, especially healthcare providers, MSPs/MSSPs, and small-to-mid-sized businesses — simplify compliance, manage cybersecurity risks, and meet regulatory requirements with confidence.

Overview

This Trust Center provides an overview of Datagrasp’s security, privacy, and compliance practices.

It is intended to promote transparency and support customer and partner due diligence by outlining how risk is managed, data is safeguarded, and regulatory expectations are addressed.

The information presented summarizes progress across 3 compliance framework(s), third-party risk oversight covering 5 vendor(s), and 16 documented security and compliance policies.

The most recent compliance report was published in February 2026.

These efforts reflect an ongoing commitment to responsible data stewardship and continuous improvement.

Compliance

ISO/IEC 42001:2023
Complete
NIST CSF 2.0
Complete
PCI-DSS 4.0 SAQ A
Complete

Subprocessors

  • Amazon Web Services (AWS) • Cloud Provider
  • Cloudflare, Inc. • CDN
  • DeHashed • Deep Web Asset Search Engine
  • MXToolBox • Network Diagnostic Tool
  • OpenAI, L.L.C. • API Provider

 

Reports

  • Cybersecurity Assurance Report • February 2026
  • Assurance Report • November 2025

Policies

  • Acceptable Use Policy • October 2025
  • Asset Management Policy • October 2025
  • Audit Policy • October 2025
  • Business Continuity & Disaster Recovery Policy • October 2025
  • Change Management Policy • October 2025
  • Encryption Policy • October 2025
Show all (10 more)
  • Identity & Access Management (IAM) Policy • October 2025
  • Incident Response Policy • October 2025
  • Information Security Policy • October 2025
  • Network Management Policy • October 2025
  • Physical Security Policy • October 2025
  • Remote Work Policy • October 2025
  • Risk Management Policy • October 2025
  • System Development & Procurement Policy • October 2025
  • Vendor Management Policy • October 2025
  • Vulnerability Management Policy • October 2025

A status of “Complete” indicates that applicable compliance areas are up to date at the time of assessment. A status of “In Progress” indicates that one or more items require attention. “In Progress” does not necessarily indicate non-compliance. For example, an annual policy review that is overdue does not imply non-compliance if reviews are otherwise conducted regularly.

This Trust Center is provided for transparency and informational purposes. It is intended for customers, partners, and other stakeholders with sufficient context to understand its scope. Some content may be generated or assisted by automated or AI-based systems to improve clarity and consistency. Datagrasp continuously reviews and refines this information as part of its commitment to accuracy and trust.