Procurement diligence · honest scope

Trust center for AI Governance & Evidence

Metadata-only Microsoft 365 processing. Export bundles fail closed on tamper. No custody, payment rails, or certifier claims — Available · Planned · Out of scope only.

Metadata-only M365 · Fail-closed export

Procurement diligence

What legal and security reviewers need to see

Honest Available · Orientation · Planned · Out of scope — what legal, security, and procurement reviewers inspect before pilot sign-off.

Metadata-only M365

Purview · Entra · audit indices — evidence index on every TLE, no mailbox custody.

Available

Fail-closed export

Board PDF and procurement ZIP fail verification when tampered — by design.

Available

EU + US regulatory orientation

EU AI Act Art. 12 · NIST AI RMF · ISO 42001 mapping — orientation only, not certifier claims.

Orientation

Ed25519 transparency log

Cryptographic receipt chain — planned product capability.

Planned

SOC 2 Type II

Independent audit planned — not yet completed.

Planned

No custody rails

No payment execution, MSB, asset custody, or money-transmission claims.

Out of scope

Data handling

Metadata-only M365 connectors

Purview · Entra ID · audit log indices — no mailbox content custody. See Privacy and Canada trust notes.

Data handling summary
Surface | Posture
M365 mailbox / content custody | Out of scope
Purview · Entra · audit metadata index | Available
Subprocessor list & retention | Orientation

Export integrity

Fail closed on tamper

Board PDF and procurement ZIP include integrity checks. Walkthrough: offline verify guide.

1. Export bundle: Board PDF + procurement ZIP + manifest from workspace or pilot tenant.

2. Verify PASS: Unmodified bundle returns export_integrity: PASS.

3. Tamper FAIL: Any alteration fails verification — by design for procurement reviewers.

Honest certification posture

Available · Planned · Out of scope

We produce governance artifacts — not company ISO/SOC certification claims.

Certification and capability posture
Control / capability | Posture
TLE v1 + workspace UI | Shipped
Export integrity fail-closed | Shipped
M365 metadata-only processing | Shipped
Board PDF + procurement ZIP | Shipped
Framework citations (NIST · ISO orientation) | Orientation
SOC 2 Type II | Planned
ISO 27001 / 42001 certification (Noetfield as certifier) | Out of scope
Ed25519 / Merkle transparency log | Planned

Board PDF in your next governance meeting

Non-confidential intake · include your Request ID · Copilot Governance Pack ($2k–10k · 90 days · board PDF), Trust Brief ($10k), federal or MSP lane · operations@noetfield.com