Every governance standard TIS Holdings applies to client outputs — data lineage, audit trails, access control, classification — applies equally to our own platform, our own infrastructure, and our own data practices.
| Information Officer | Dr. Terry Ramabulana, CEO |
| Deputy Information Officer | Mathilda (Internal) |
| Compliance email | compliance@tisholdings.com |
| PAIA Manual | Effective 16 February 2026 — view |
| Privacy Policy | View Privacy Policy |
TIS Holdings uses DRATA for continuous SOC 2 compliance monitoring and automated evidence collection across 15+ security integrations. SOC 2 readiness is not a point-in-time exercise — it is a continuous operational state.
Our SOC 2 compliance posture covers: access control, availability, change management, incident response, logical and physical security, risk management, and vendor management. Evidence is collected automatically and is available for review by qualified procurement and audit counterparties on request.
Before any record is used in an agent output, a client report, or a disclosure, it must answer all six. Without complete answers, the record is not used.
Created or last modified this record.
Purpose or regulatory claim this record supports.
It was created or last changed.
It lives in the architecture — database, table, relationship.
It exists in its current form — the regulatory mandate.
It was derived, inferred, or calculated — methodology chain.
| Layer | Component | Governance Role |
|---|---|---|
| Catchment substrate | Neon PostgreSQL + pgvector | Regulatory corpus, embeddings, sector profiles. South African data sovereignty maintained. Full audit log on every read and write. |
| Agent orchestration | IBM watsonx Orchestrate | Multi-agent workflow governance. Output validation. Quality assurance gate on every agent interaction. |
| Environmental data | IBM Envizi | Emissions calculations and carbon baselines. Independently verified factors. ISSB S2-ready output. |
| Compliance monitoring | DRATA | Continuous SOC 2. Automated evidence. 15+ security integrations. Always-on posture. |
| CDN & edge security | Cloudflare | DDoS protection, WAF, bot management, certificate management for all TIS Holdings domains. |
| Operational endpoints | AWS Lambda | Production agent endpoints (GHG, Regulatory Compliance) running under DRATA audit scope. |