Compliance Reporting for Internal Audits
If your organisation undergoes internal or external audits, you may need documentation from Progressive Robot about our practices, security, and service delivery. This article explains what we can provide.
What We Can Provide
- Service level performance reports: Uptime statistics, incident history, SLA compliance over a specified period
- Security documentation: Our information security policy summary, data processing practices, subprocessor register
- Data Processing Agreement: Formal DPA as required for GDPR compliance evidence
- Penetration test reports: Summary reports from pen tests conducted on your systems (third-party reports shared with your consent)
- Change management records: Log of all changes deployed to your production environment over a specified period
- Access control records: Confirmation of who in our team has access to your systems and at what level
- Business continuity summary: Overview of our BC/DR measures relevant to services provided to you
How to Request
Contact your Account Manager with a list of specific documentation required. Provide the audit timeframe and any audit standards the documentation must meet (e.g. ISO 27001, Cyber Essentials, SOC 2 equivalent, FCA requirements). We will confirm what we can provide and within what timeframe.
Audit Questionnaires
Many auditors send standard questionnaire forms (often dozens of questions). Send these to your Account Manager, who will route them to the appropriate internal team. Allow at least 5 business days for completion. More complex questionnaires (e.g. full ISO 27001 supplier assessments) may take up to 15 business days.
Onsite Audit Rights
Your MSA includes standard audit rights allowing you to verify our compliance. Any planned audit should be agreed in advance with your Account Manager. Reasonable notice (10 business days minimum) and agreed scope are required.