How It Works For Organisations For Practitioners Partnerships Governance Contact Login โ†’
Governance & Trust

We govern ourselves the way
we govern your data.

Every governance standard TIS Holdings applies to client outputs — data lineage, audit trails, access control, classification — applies equally to our own platform, our own infrastructure, and our own data practices.

POPIA Compliance

Information Officer structure.

Information OfficerDr. Terry Ramabulana, CEO
Deputy Information OfficerMathilda (Internal)
Compliance emailcompliance@tisholdings.com
PAIA ManualEffective 16 February 2026 — view
Privacy PolicyView Privacy Policy
SOC 2 & Security

Continuously monitored.

TIS Holdings uses DRATA for continuous SOC 2 compliance monitoring and automated evidence collection across 15+ security integrations. SOC 2 readiness is not a point-in-time exercise — it is a continuous operational state.

Our SOC 2 compliance posture covers: access control, availability, change management, incident response, logical and physical security, risk management, and vendor management. Evidence is collected automatically and is available for review by qualified procurement and audit counterparties on request.


No Data Without Lineage

Every record answers six questions.

Before any record is used in an agent output, a client report, or a disclosure, it must answer all six. Without complete answers, the record is not used.

Who

Created or last modified this record.

What

Purpose or regulatory claim this record supports.

When

It was created or last changed.

Where

It lives in the architecture — database, table, relationship.

Why

It exists in its current form — the regulatory mandate.

How

It was derived, inferred, or calculated — methodology chain.


Data Architecture

Infrastructure built for defensibility.

LayerComponentGovernance Role
Catchment substrateNeon PostgreSQL + pgvectorRegulatory corpus, embeddings, sector profiles. South African data sovereignty maintained. Full audit log on every read and write.
Agent orchestrationIBM watsonx OrchestrateMulti-agent workflow governance. Output validation. Quality assurance gate on every agent interaction.
Environmental dataIBM EnviziEmissions calculations and carbon baselines. Independently verified factors. ISSB S2-ready output.
Compliance monitoringDRATAContinuous SOC 2. Automated evidence. 15+ security integrations. Always-on posture.
CDN & edge securityCloudflareDDoS protection, WAF, bot management, certificate management for all TIS Holdings domains.
Operational endpointsAWS LambdaProduction agent endpoints (GHG, Regulatory Compliance) running under DRATA audit scope.

Questions on compliance or data governance?

Contact the Information Officer