Welcome to the Dayos Trust Center. Security, privacy, and responsible AI governance are foundational to how we build and operate. As a multinational AI technology company powering agentic automation on enterprise platforms like Oracle, SAP, and Workday, we hold ourselves to the highest standards because our customers trust us with access to their most critical business systems. Use this Trust Center to review our compliance certifications, security documentation, and policies, or to request access to detailed materials.
Documents
Risk Profile
Dayos operates on secure, enterprise-grade cloud infrastructure with redundancy and failover designed for mission-critical workloads. Our risk management framework includes regular third-party assessments, continuous vulnerability scanning, and defined recovery objectives aligned with enterprise SLAs. Infrastructure is provisioned on Microsoft Azure with data residency options to meet regional compliance requirements across Singapore, Australia, and other operating markets.
Product Security
The Dayos Hero platform is built with enterprise-grade security controls from the ground up. Access is governed by role-based permissions with SSO integration, MFA enforcement, and audit logging across all user and agent actions. Every agentic workflow operates within scoped permissions tied to specific ERP/HCM modules, ensuring agents can only access and act on the data required for their task. All API communications are encrypted in transit via TLS 1.2+, and customer data is encrypted at rest using AES-256.
Reports
Dayos maintains current SOC 2 Type 1, SOC 2 Type 2, and ISO/IEC 42001:2023 certification reports audited by A-LIGN. Reports are available to qualified prospects and customers under NDA. Request access through this Trust Center or contact your Dayos account representative.
Self-Assessments
Dayos has achieved SOC 2 Type 2 and ISO/IEC 42001:2023 certification through A-LIGN with compliance monitoring via Drata. We regularly complete industry-standard security questionnaires (SIG, CAIQ, VSAQ) and can provide completed assessments upon request.
Data Security
Customer data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We enforce strict data isolation between customer environments with no cross-tenant data access. Sensitive credentials and API keys are managed through dedicated secrets management infrastructure. Data retention policies are configurable per engagement, and customer data can be fully purged on request. We do not use customer data for model training or any purpose outside the contracted scope of work.
App Security
Dayos follows secure development practices across the Hero platform and all internal applications. Our SDLC includes code review requirements, automated dependency scanning, static analysis, and container image scanning in CI/CD pipelines. We conduct regular penetration testing through third-party firms and maintain a responsible disclosure process for external security researchers.
AI
Dayos is ISO/IEC 42001:2023 certified for AI Management Systems, reflecting our commitment to responsible AI governance across the full product lifecycle. The Hero platform employs four distinct reasoning strategies (Simple Feedback, ReAct, Reflection, and ReWOO) with built-in guardrails at each stage, including output validation, hallucination detection, and human-in-the-loop escalation controls. Customer data is never used for model training. All LLM interactions are logged and auditable. We maintain strict prompt injection protections and data isolation between customer environments.
ESG
As a Singapore-headquartered company operating across multiple markets, Dayos is committed to responsible corporate governance, workforce diversity, and environmental awareness in our operations. Our AI governance framework under ISO 42001 reflects our commitment to ethical AI development and deployment practices.
Data Privacy
Privacy is built into our product architecture and business operations. Dayos complies with applicable data protection regulations including PDPA (Singapore) and GDPR. Customer data is processed only within the scope of contracted services, with clear data processing agreements in place. We maintain a subprocessor register available to customers and provide advance notice of any subprocessor changes.
Access Control
Dayos enforces least-privilege access across all systems and customer environments. Internal access is governed by role-based controls with mandatory MFA, regular access reviews, and automated deprovisioning. Customer-facing agent workflows operate within scoped permissions tied to specific ERP/HCM modules and transaction types. All access events are logged and auditable.
Infrastructure
Dayos is hosted on Microsoft Azure with infrastructure provisioned across enterprise-grade data centers. We leverage Azure's security controls including network segmentation, DDoS protection, and infrastructure-level encryption. Deployment environments are fully containerized with infrastructure-as-code practices ensuring consistent, auditable configurations. Data residency options are available to meet regional compliance requirements.
Endpoint Security
All Dayos corporate devices are managed with endpoint detection and response (EDR) solutions, enforced disk encryption, and automatic security patching. Our BYOD policy requires equivalent security controls for any personal device accessing company resources. Device compliance is continuously monitored and non-compliant devices are automatically restricted.
Network Security
Dayos protects its network perimeter and internal traffic through layered controls including firewalls, intrusion detection, network segmentation, and encrypted communications. Production environments are isolated from corporate networks, and all administrative access requires VPN with MFA. We conduct regular network vulnerability assessments.
Corporate Security
Dayos maintains internal security practices including mandatory security awareness training, background checks for all employees, and clear acceptable use policies. Our information security program is governed by documented policies reviewed annually and aligned with SOC 2 and ISO 42001 requirements.
Security Grades
Dayos monitors its external security posture through automated security rating services. Current grades and scores are available upon request.
Incident Response
Dayos maintains a documented incident response plan with defined severity levels, escalation procedures, and communication protocols. Our incident response process includes identification, containment, eradication, recovery, and post-incident review. Customers are notified of security incidents affecting their data within contractually defined timeframes.
Risk Management
Dayos operates a formal risk management program with regular risk assessments covering technical, operational, and compliance domains. Risks are tracked in a centralized register with assigned owners, mitigation plans, and review cadences. Our risk framework is aligned with SOC 2 Trust Services Criteria and ISO 42001 AI management requirements.
Asset Management
All Dayos assets, including hardware, software, and data assets, are inventoried and tracked through our asset management system. Assets are classified by sensitivity, assigned to owners, and subject to lifecycle management including secure disposal. Cloud resources are tagged and monitored for configuration drift.
BC/DR
Dayos maintains a business continuity and disaster recovery plan tested annually. Our cloud-native architecture supports rapid failover and recovery with defined RPO and RTO targets. Critical systems are backed up with geo-redundant storage. Recovery procedures are documented and validated through regular tabletop exercises.
Training
All Dayos employees complete security awareness training upon onboarding and annually thereafter, covering topics including phishing, social engineering, data handling, and incident reporting. Role-specific training is provided for engineering and operations staff handling sensitive systems and customer data.
Change Management
Dayos follows a defined change management process for all production changes. Changes require documented approval, peer review, and testing before deployment. Emergency changes follow an expedited process with post-deployment review. All changes are logged in our change management system with full audit trails.
Physical & Environment
Dayos leverages Microsoft Azure's data centers, which maintain SOC 2 and ISO 27001 certified physical security controls including biometric access, 24/7 surveillance, and environmental protections. Our corporate offices follow physical security policies covering visitor management and secure workstation practices.
Continuous Monitoring
Dayos continuously monitors infrastructure, applications, and security controls through automated alerting, log aggregation, and anomaly detection. Compliance monitoring is maintained through Drata with real-time control assessments. Vulnerability scans run on a regular cadence with findings triaged and remediated according to severity-based SLAs.


