DataVisuals Trust Center
Vendor-evaluation transparency for Decision Governance™. Examination alignment, security architecture, policy library, legal agreements, and the subprocessor list — for InfoSec, compliance, and procurement teams at community financial institutions.
Regulatory Examination Alignment
Documentation aligned with NCUA Letter 18-CU-09, FDIC FIL guidance, OCC Bulletin standards, and the FFIEC IT Examination Handbook. Each due-diligence area maps to specific artifacts; access tier indicates whether registration or an access request is required.
| Due-Diligence Area | Trust Center Artifact | Access |
|---|---|---|
| Financial Condition Audited financials, capitalization |
Available upon request under NDA | Restricted Request access |
| Business Experience & Background Company overview, principals, references |
Regulatory Due Diligence Packet (DV-CMP-001) | Gated Register |
| Information Security Program InfoSec policy, access control, classification |
Information Security Policy (DV-POL-001), Access Control Policy (DV-POL-004), Data Classification (DV-POL-005), Platform Security Architecture (DV-PLT-001) | Gated Register |
| Technology & Architecture Multi-tenancy, data isolation, lifecycle |
Platform documentation suite (DV-PLT-001 through DV-PLT-005) | Gated Register |
| Operational Resilience BCP/DR, availability, incident history |
BCP/DR Plan (DV-POL-003, restricted), SLA & Availability (DV-PLT-004, public), platform status page | Mixed Register |
| Data Handling & Privacy Classification, retention, lifecycle, privacy |
Data Classification Policy (DV-POL-005), Tenant Data Lifecycle (DV-PLT-003), Privacy Policy (DV-POL-011) | Gated Register |
| Regulatory Compliance Mapping SRM, SIG Lite, NCUA/FDIC/OCC alignment |
Shared Responsibility Matrix (DV-CMP-002), SIG Lite Pre-Fill (DV-CMP-003) | Gated Register |
| Incident Notification Detection, escalation, customer notification timelines |
Incident Response Plan (DV-POL-002) with defined notification timelines | Restricted Request access |
| Contractual Protections Service terms, data processing, NDA |
EULA, NDA, DPA Template (DV-CMP-004, draft) | Public Legal index |
| Subprocessor Management Third-party services, change notification |
Published subprocessor list with 30-day advance change notification | Public View list |
Access tiers: Public — readable without registration. Gated — registration plus NDA acknowledgment. Restricted — gated access plus an admin-approved access request stating the evaluation purpose.
Trust Center Sections
End-to-end controls across infrastructure, platform, and application layers — including authentication, tenant isolation, encryption, and access control.
Read overview →Document library inventory and dual-regulator examination support (NCUA + FDIC/OCC).
Read framework →EULA, NDA, DPA template, and Privacy Policy — version-stamped canonical home.
View agreements →Current availability, historical uptime, and incident history for Decision Governance™.
View status →Third-party services that process Decision Governance™ client data, with change-notification commitments.
View list →All client data processed and stored in the United States (Digital Ocean NYC region; SOC 2 Type II infrastructure).
For CFI Compliance Teams
Register for portal access to download the Regulatory Due Diligence Packet, SIG Lite Pre-Fill, Shared Responsibility Matrix, and the complete policy library. Supports both NCUA examination requirements (NCUA Letter 18-CU-09 and FFIEC IT Examination Handbook) and FDIC/OCC vendor management standards.