{"organization":{"name":"Reglyze","slug":"reglyze","country":"FR","sector":"digital_providers","headcount":5,"memberSince":"2026-04-07T17:06:49.115Z"},"compliance":{"score":"85.7","assessmentDate":"2026-04-07T17:18:36.358Z","controls":[{"controlId":"21.2.d.1","implementationScore":2,"documentationScore":3,"severity":"medium","notes":"DPAs signed with all critical vendors. Annual review cadence documented."},{"controlId":"21.2.d.2","implementationScore":3,"documentationScore":3,"severity":"medium","notes":"Hetzner ISO 27001, Cloudflare ISO 27001/SOC 2, Stripe PCI-DSS Level 1, GitHub SOC 2. Documented."},{"controlId":"21.2.e","implementationScore":3,"documentationScore":2,"severity":"high","notes":"TLS 1.3 everywhere, container isolation, defense-in-depth. Documented in Information Security Policy."},{"controlId":"21.2.e.1","implementationScore":3,"documentationScore":3,"severity":"high","notes":"Vulnerability Management Policy documented. Dependabot weekly. Public security.txt."},{"controlId":"21.2.f","implementationScore":2,"documentationScore":2,"severity":"medium","notes":"Quarterly self-review schedule documented. Compliance score tracked over time."},{"controlId":"21.2.g","implementationScore":2,"documentationScore":2,"severity":"low","notes":"Cyber hygiene baseline documented for current team."},{"controlId":"21.2.g.1","implementationScore":3,"documentationScore":2,"severity":"low","notes":"MFA, password manager, encrypted devices, no admin local accounts. Documented."},{"controlId":"21.2.h","implementationScore":3,"documentationScore":3,"severity":"high","notes":"Cryptography Policy documented. TLS 1.3, bcrypt, encryption at rest."},{"controlId":"21.2.i","implementationScore":2,"documentationScore":3,"severity":"medium","notes":"HR Security and Access Control policies documented."},{"controlId":"21.2.i.1","implementationScore":2,"documentationScore":3,"severity":"low","notes":"HR Security Policy documented."},{"controlId":"21.2.i.2","implementationScore":3,"documentationScore":3,"severity":"high","notes":"App-level RBAC. SSH key-only. Access Control Policy documented."},{"controlId":"21.2.i.3","implementationScore":2,"documentationScore":3,"severity":"medium","notes":"Asset Management Policy documented. Inventory via Hetzner/Cloudflare consoles."},{"controlId":"21.2.j","implementationScore":3,"documentationScore":3,"severity":"high","notes":"MFA on all critical systems. SSH keys only. Documented in Access Control Policy."},{"controlId":"21.2.a","implementationScore":2,"documentationScore":2,"severity":"medium","notes":"Risk-aware engineering practices documented in Information Security Policy."},{"controlId":"21.2.b","implementationScore":2,"documentationScore":3,"severity":"high","notes":"Formal Incident Response Plan documented and approved."},{"controlId":"21.2.c","implementationScore":2,"documentationScore":3,"severity":"medium","notes":"Business Continuity Plan documented covering backup, DR, and crisis management."},{"controlId":"21.2.c.1","implementationScore":3,"documentationScore":3,"severity":"medium","notes":"Hetzner managed daily DB backups, 7-day retention. Documented in Backup/DR plan. Restore tested."},{"controlId":"21.2.c.2","implementationScore":2,"documentationScore":3,"severity":"high","notes":"DR procedure documented in Backup/DR plan. First restore drill executed."},{"controlId":"21.2.c.3","implementationScore":2,"documentationScore":3,"severity":"high","notes":"Crisis comms plan documented in BCP. Founder + emergency contacts defined."},{"controlId":"21.2.d","implementationScore":3,"documentationScore":3,"severity":"medium","notes":"5 critical suppliers documented with criticality and data shared. Supply Chain Security Policy in place."},{"controlId":"21.2.g.2","implementationScore":2,"documentationScore":2,"severity":"low","notes":"Founder baseline training documented. Will scale on first hire."}]},"suppliers":[{"id":"ee71a19b-77f9-46d7-99b0-5b76aec3474e","name":"Hetzner Online GmbH","serviceType":"Cloud infrastructure / hosting","criticality":"critical","dataShared":"All application data, customer accounts, encrypted backups"},{"id":"48885ec6-f16d-4bf4-8fb1-ba84c20449fd","name":"Cloudflare","serviceType":"CDN, DNS, WAF, TLS termination","criticality":"critical","dataShared":"All HTTP/S traffic metadata, no plaintext payloads"},{"id":"5e0492e9-7618-4227-b09e-d866a535ffaa","name":"Anthropic","serviceType":"AI/LLM (Claude API for document generation)","criticality":"high","dataShared":"Customer organization context for document generation prompts"},{"id":"980f5386-f276-4109-9249-2696bc7a06db","name":"Stripe","serviceType":"Payment processing and billing","criticality":"high","dataShared":"Customer billing details, subscription metadata"},{"id":"f45443e8-dc58-4d82-b1e2-6685ed3ca71f","name":"GitHub","serviceType":"Source code hosting and CI/CD","criticality":"high","dataShared":"Source code, deployment secrets via Actions"}],"documents":[{"type":"cryptography_encryption","title":"Reglyze Cryptography Policy","status":"draft","updatedAt":"2026-04-07T17:12:39.182Z"},{"type":"vulnerability_management","title":"Reglyze Vulnerability Management Policy","status":"draft","updatedAt":"2026-04-07T17:12:39.152Z"},{"type":"access_control","title":"Reglyze Access Control Policy","status":"draft","updatedAt":"2026-04-07T17:12:39.151Z"},{"type":"hr_security","title":"Reglyze HR Security Policy","status":"draft","updatedAt":"2026-04-07T17:12:39.105Z"},{"type":"business_continuity_plan","title":"Reglyze Business Continuity Plan","status":"draft","updatedAt":"2026-04-07T17:12:39.103Z"},{"type":"asset_management","title":"Reglyze Asset Management Policy","status":"draft","updatedAt":"2026-04-07T17:12:38.972Z"},{"type":"backup_disaster_recovery","title":"Reglyze Backup and Disaster Recovery Plan","status":"draft","updatedAt":"2026-04-07T17:12:38.939Z"},{"type":"incident_response_plan","title":"Reglyze Incident Response Plan","status":"draft","updatedAt":"2026-04-07T17:09:13.654Z"},{"type":"supply_chain_security","title":"Reglyze Supply Chain Security Policy","status":"draft","updatedAt":"2026-04-07T17:09:13.574Z"},{"type":"information_security_policy","title":"Reglyze Information Security Policy","status":"draft","updatedAt":"2026-04-07T17:09:03.484Z"}]}