What a SaaS Vendor Security Evidence Dossier Looks Like — Free Example
A SaaSDossier™ record covers 55 fixed fields across 10 domains — identity, attestations, privacy, encryption, hosting, access, incident response, subprocessors, AI governance, and secure development. Each field is marked Documented or is marked Question surfaced for review. The free OpenAI Public Edition shows the exact format end to end.
Two states. No third. No judgment.
The field was found in the vendor's published sources, quoted and cited in the vendor's own words.
Not identified in the vendor-published sources reviewed. This does not establish absence of the control.
Free example · What's inside
Evidence ledger
All 55 fields across 10 domains, each recorded in one of two states, with the vendor's own words quoted and cited where Documented.
Source register
Every vendor-published page reviewed, listed with its URL, so each line traces back to where it was found.
Integrity record
A SHA-256 record so the released document can be confirmed unchanged.
Vendor question pack
The Questions surfaced, gathered as ready-to-send follow-ups for your procurement or security conversation.
The OpenAI Public Edition is free and complete. Read all 55 fields →
