Delve Trust Center
Delve is a compliance automation company focused on helping organizations maintain strong security and regulatory practices. Our mission is to simplify compliance by reducing the manual, repetitive work that traditionally slows teams down. We believe transparency, secure operations, and clear accountability are essential to building trust with our customers and partners.
Compliance
Resources
SOC 2 Type II Report
ISO 42001 Certificate
Data Protection and Encryption Policy
Company Handbook
Data Classification Policy
Controls
System Media Access Control Procedure
System Media Access Control Audit
Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Portable Storage Ownership Accountability Test
Portable Storage Device Security Assessment
Backup Confidentiality Assurance Procedure
Data encrypted at rest
Encryption in transit over public networks
Secure Media Transportation Audit
Secure connection means utilized
External Attack Surface Vulnerability Scanning & Remediation
Web application firewalls configuration
Code of Conduct acknowledged by contractors
Anti-malware monitoring
Intrusion detection tool
Automated system capacity and performance monitoring
Infrastructure firewall
Centralized Log Collection and Monitoring
System Security Incident Documentation Evaluation
Incident Response Capability Assessment
Organizational Incident Handling Capability Assessment
Business continuity plans ensure emergency functionality
Business continuity & disaster recovery plans documented and tested
Visitor sign-in, badging, and escort policy
Documented HIPAA Security Rule policy acknowledgment
Automated decision-making policy
Internal GDPR compliance assessments performed
Authenticator Management Security Audit
Technology assets inventoried
Periodic Logged Event Re-evaluation
Log Review Process
Logical Session Termination Test
Change and tamper-detection mechanisms
Annual risk assessments performed
Documented Vendor Management Program
Comprehensive Risk Assessment Procedure
Age verification and parental/guardian consent process enforced
Consent for processing captured via explicit opt-in mechanisms
Endpoint Security Program Awareness
Confidentiality Agreement acknowledged by employees
Security awareness training implemented
Background checks performed on contractors
Background checks performed on employees
Records of Processing Activities (RoPA) maintained
Multi-availability zones
PCI DSS program charter established, maintained, reviewed
Defined and maintained ISMS scope
Baseline Configuration Maintenance Test
Lawful basis assessment
Organizational Security Control Assessment
External System Security Assessment
Alternate Worksite Security Assessment
Build a Controls Responsibility Matrix (CRM)
Media Sanitization and Disposal Procedure
Media Usage Restriction Verification
System Media Security Marking Test
"Flow Down" Contracts
Subprocessors
AnthropicAI & ML Services
CloudflareNetwork & Edge Security
RailwayCloud Infrastructure & Platform Services
AWSCloud Infrastructure & Platform Services