Enterprise-grade security. NDA-first. No exceptions.
We sign your NDA before the first discovery call. Your intellectual property, business logic, and data are protected from the very first conversation. No exceptions, no delays.
Compliance
| Framework | Status | Markets |
|---|---|---|
| ISO 9001:2015 | Certified | Global — Quality Management |
| ISO 22301:2019 | Certified | Global — Business Continuity |
| SOC 2 Type II | On roadmap | US, Canada |
| HIPAA | Aware — BAA available on request | US Healthcare |
| GDPR | Aligned* | EU, UK |
| APPI | Aligned* | Japan |
| PDPA | Aligned* | Singapore |
| Privacy Act 1988 | Aligned* | Australia |
| PIPEDA | Aligned* | Canada |
| Decree 13/2023 | Aligned* | Vietnam |
“Certified” means NKKTech Global has been audited by an accredited third-party certification body and currently holds the corresponding ISO certificate; see the certificate panel below for cert numbers and verification links.
* “Aligned” means our policies, technical controls, and operational practices are designed to meet the principles and obligations of the listed framework. For these frameworks we have not yet completed an independent third-party certification audit; a SOC 2 Type II program is on our roadmap and timing depends on enterprise customer demand. We issue customer-specific representations only after engagement, NDA, and (where required) a signed Data Processing Agreement.
Active Certifications
NKKTech Global Joint Stock Company holds the following third-party ISO certifications. Click the verify link to confirm each certificate directly with the issuing body.
Quality Management Systems
Business Continuity Management Systems
Certified entity: NKKTECH GLOBAL JOINT STOCK COMPANY — 5th Floor, NewSkyLine Building, Lot CC2, Van Quan – Yen Phuc New Urban Area, Ha Dong Ward, Hanoi City, Vietnam. Original certificates available on request under NDA.
100% yours. Full IP transfer upon delivery. No vendor lock-in. All source code, documentation, and assets are transferred to you at project completion.
<4 hour response time for critical security issues. Dedicated escalation path. Post-incident reports within 24 hours.
Responsible Disclosure
We welcome reports from independent security researchers. Please email [email protected] with a clear description, reproduction steps, and the affected URL or endpoint; the inbox is monitored by the team and routed to the security lead. A machine-readable disclosure policy is published at /.well-known/security.txt per RFC 9116.
Deep Dive · 21 min read
5,000-word engineering playbook covering implementation patterns for each framework, cross-border data transfer architecture, audit log requirements, right-to-explanation and erasure operationalization, EU AI Act risk categories, and a pre-production compliance checklist you can hand to your auditor.
Read the full compliance playbook
Let's discuss your compliance needs on a free 30-minute call.