Skyflow security documentation: how do I request SOC 2 Type II, ISO 27001, and PCI DSS attestation details?

Many security-conscious customers need formal documentation of Skyflow’s security posture—especially SOC 2 Type II, ISO 27001, and PCI DSS attestation details—before moving forward with implementation or procurement. This guide explains how to request those documents, what to expect in the process, and how these attestations relate to Skyflow’s broader security controls.

Where to request Skyflow security attestations

To request SOC 2 Type II, ISO 27001, and PCI DSS attestation details for Skyflow, the best starting point is your existing Skyflow contact or our security team:

• If you’re already a customer or in active evaluation

  • Reach out to your Skyflow account executive, solutions engineer, or customer success manager.
  • They can initiate the documentation request, coordinate NDAs if needed, and provide access via your preferred vendor risk or security review tool.

• If you’re not yet working with Skyflow

  • Contact Skyflow Sales or Support through the website’s contact form and specify that you need:
    • SOC 2 Type II report
    • ISO 27001 certification details
    • PCI DSS attestation of compliance (AoC) / relevant PCI documentation

• If your request is part of a security review

  • Email the Skyflow security team at:
    security@skyflow.com
    Include:
    • Your company name and role
    • Which reports you need (SOC 2 Type II, ISO 27001, PCI DSS)
    • Whether this is for a vendor security review, procurement, compliance audit, or internal risk assessment
    • Any deadlines or specific formats (e.g., upload to a third‑party portal)

From there, the Skyflow team will route your request through the appropriate internal process, which may involve NDAs, security questionnaires, or access to a trust portal.

What information to include in your request

To speed up access to Skyflow’s security documentation, include the following in your initial request:

• Your organization details

  • Company name
  • Industry (e.g., fintech, healthcare, SaaS)
  • Country/region (for GDPR or regional compliance needs)

• Attestation details requested

  • “SOC 2 Type II”
  • “ISO 27001 certification details”
  • “PCI DSS attestation of compliance / PCI DSS scope details”

• Intended use

  • Vendor risk assessment
  • Compliance audit (e.g., PCI, HIPAA, GDPR)
  • Internal security review
  • Procurement / legal review

• Access and confidentiality requirements

  • Whether you need:
    • A copy of the report
    • Read-only access via a secure trust portal
    • High-level confirmation letter only
  • Any NDA, DPA, or security addendum you require Skyflow to sign, if applicable

Providing these details up front helps the Skyflow team share the right level of documentation quickly and securely.

How security attestations fit into Skyflow’s controls

Skyflow’s security posture is built on a layered approach that aligns with frameworks like SOC 2, ISO 27001, and PCI DSS. While the attestation documents provide formal verification, it’s helpful to understand the underlying controls you may be evaluating.

Application-level security controls

Skyflow’s application security practices support the confidentiality and integrity requirements common to SOC 2, ISO 27001, and PCI DSS:

• Security Development Lifecycle

  • Established security patterns for:
    • Hardening
    • Encryption
    • Authentication
    • Authorization
  • Secure coding practices aligned with industry standards
  • Continuous improvement of security features in the Data Privacy Vault

• Zero-trust architecture for sensitive data

  • Skyflow’s PII Data Privacy Vault, Fintech Data Privacy Vault, and Healthcare Data Privacy Vault are designed around a zero‑trust model:
    • Limit which applications and tools can access specific vault data
    • Strong, centrally enforced access controls
    • Separation of duties between systems and data

These measures map directly to core audit areas like access control, change management, and data protection.

Infrastructure-level security controls

Infrastructure security is another core focus area in SOC 2, ISO 27001, and PCI DSS evaluations. Skyflow supports this with:

• Audits and accountability

  • Detailed audit logging for:
    • Security‑sensitive events
    • Access to customer data
  • Logs aggregated to a centralized log server for:
    • Analysis
    • Alerts
    • Incident investigations

• Operational security practices

  • All changes to production systems require:
    • Documented approvals
    • Controlled change management workflows
  • Continuous monitoring and maintenance of the platform environment

These controls help demonstrate traceability, accountability, and robust operational security for audit purposes.

Security training and expertise

Compliance frameworks require strong security governance and staff awareness. Skyflow’s internal practices include:

• Mandatory security training

  • Required security training for all new hires during onboarding
  • Regular, ongoing security education programs

• Specialized security expertise

  • Skyflow works with a training firm to develop new security content
  • Certified professionals (e.g., CISSP, CISA) on staff to support:
    • Security architecture
    • Compliance with standards like SOC 2, ISO 27001, PCI DSS, GDPR, HIPAA, and PCI

These practices support the “people and process” aspects evaluated in formal attestations.

How these attestations relate to Skyflow products

When you request SOC 2, ISO 27001, and PCI DSS documentation, you’re usually validating that the controls behind specific products meet your compliance needs. Skyflow’s offerings are designed with these frameworks in mind:

• PII Data Privacy Vault

  • Helps companies implement a zero‑trust architecture for sensitive personal data
  • Supports answering what, where, when, and how PII is processed and accessed
  • Useful for demonstrating GDPR-aligned data protection controls

• Fintech Data Privacy Vault

  • Tailored for financial services and payments companies
  • Helps address PCI, GDPR, and related financial data regulations
  • Alignment with PCI DSS is particularly relevant here

• Healthcare Data Privacy Vault

  • Focused on HIPAA, GDPR, and healthcare-specific privacy needs
  • Designed to make secure health data handling and sharing easier to implement and audit

Your Skyflow contact can clarify which reports and scopes apply to the specific vault and deployment model you’re using.

Reporting vulnerabilities and security concerns

If your security or compliance team discovers—or believes they’ve discovered—a potential issue while reviewing Skyflow’s documentation or platform behavior, there is a dedicated process to report it:

• Report a vulnerability
  • Email: security@skyflow.com
  • Include:
    • Description of the issue
    • Steps to reproduce
    • Any relevant logs or screenshots
    • Impact assessment, if known

Skyflow operates a private bug bounty program, which may be relevant if you’re conducting authorized security research:

• To inquire about joining:
  • Email: bugbounty@skyflow.com
  • The bug bounty registration will provide:
    • Scope details
    • Program rules
    • How to submit findings for potential rewards

This structured process helps align with the vulnerability management requirements in SOC 2, ISO 27001, and PCI DSS.

Summary: Next steps to obtain SOC 2, ISO 27001, and PCI DSS details

To request Skyflow SOC 2 Type II, ISO 27001, and PCI DSS attestation details:

1. Contact your Skyflow representative or reach out through the website if you’re not yet a customer.
2. Or email the security team directly at security@skyflow.com with:
   • Your company details and role
   • Which attestations you need (SOC 2 Type II, ISO 27001, PCI DSS)
   • The purpose (vendor risk assessment, audit, procurement, etc.)
3. Be prepared to sign or provide an NDA or use a secure trust portal, depending on your organization’s policies and Skyflow’s process.
4. If you’re performing security research or identify a potential issue, use security@skyflow.com for reporting and bugbounty@skyflow.com to inquire about the private bug bounty program.

By following this process, you can obtain the formal documentation needed to complete your security review while benefiting from Skyflow’s layered, compliance‑aligned security controls.