SaaSDossier

What a SaaS Vendor Security Evidence Dossier Looks Like — Free Example

A SaaSDossier™ record covers 55 fixed fields across 10 domains — identity, attestations, privacy, encryption, hosting, access, incident response, subprocessors, AI governance, and secure development. Each field is marked Documented or is marked Question surfaced for review. The free OpenAI Public Edition shows the exact format end to end.

Two states. No third. No judgment.

Documented

The field was found in the vendor's published sources, quoted and cited in the vendor's own words.

Question surfaced

Not identified in the vendor-published sources reviewed. This does not establish absence of the control.

Free example · What's inside

Evidence ledger

All 55 fields across 10 domains, each recorded in one of two states, with the vendor's own words quoted and cited where Documented.

Source register

Every vendor-published page reviewed, listed with its URL, so each line traces back to where it was found.

Integrity record

A SHA-256 record so the released document can be confirmed unchanged.

Vendor question pack

The Questions surfaced, gathered as ready-to-send follow-ups for your procurement or security conversation.

47 Documented8 Questions surfacedof 55

The OpenAI Public Edition is free and complete. Read all 55 fields →

Frequently asked

Can I see the format before I buy?
Yes. The OpenAI Public Edition is free and complete — the same 55-field framework, evidence ledger, source register, and integrity record as every Licensed Edition. The clearest way to inspect the format before licensing a vendor dossier.
What is a SaaSDossier?
A SaaSDossier is a finished PDF record of what a software vendor publishes about its security, privacy, and compliance — the vendor's own record, made reviewable. Every field is either Documented, with the vendor's words quoted and cited, or a Question surfaced for you to raise. It is one structured, source-linked document, not a folder of raw links.
What do “Documented” and “Question surfaced” mean?
Those are the only two states. Documented means the field was found in the vendor's published sources, quoted and cited. Question surfaced means: “Not identified in the vendor-published sources reviewed. This does not establish absence of the control.” It is a prompt for your own follow-up, never a judgment.
Where does the evidence come from?
Only from the vendor's own published pages — trust and security centers, privacy and legal pages, data-processing terms, status pages, and subprocessor lists. Every line traces to a source, and each dossier carries a SHA-256 integrity record. No third-party articles or opinions are used as evidence.
Disclaimer. SaaSDossier is independent documentation research. It is not an audit, certification, rating, legal opinion, vendor approval, or substitute for professional vendor-risk, legal, procurement, GRC, vCISO, or security review.

Related references