Vendor Due Diligence Packet
A consolidated counterparty disclosure pack for institutional clients evaluating JIL Sovereign Technologies, Inc. as a vendor. The packet is organized to mirror the document inventory a top-tier corporate counsel or vendor risk team would request before approving a Master Services Agreement, Business Associate Agreement, or Data Processing Agreement.
Tier 1 - Contracts and Counterparty Documents
The base contractual stack the Company offers institutional counterparties. The MSA + DPA travel together; the BAA layers on top when Protected Health Information is in scope.
Combined MSA + DPA covering scope of services, license grant, fees, term and termination, IP ownership, indemnity, limitation of liability, data processing roles, and standard contractual clauses.
Available - HIPAA Business Associate Agreement governing the Company's processing of PHI on behalf of a Covered Entity customer. Tracks 45 CFR §164.504(e) and the Breach Notification Rule.
In flight - Executed AWS BAA establishing AWS as the only PHI subprocessor under the Company's customer-facing BAA chain.
Available - Current and authorized subprocessors with category of processing, region, and BAA status. Updated whenever the inventory changes.
Tier 2 - Privacy and Security Policies
The Company's published privacy posture and the executive summary of the Information Security Program. Internal policy detail beyond what appears here is released under NDA.
Public privacy notice covering collection, processing, retention, transfer, and individual-rights handling across the Company's institutional and consumer surfaces.
Available - Published one-page executive summary of the ISO 27001-aligned ISMS. Full policy set (24 documents) is released under NDA.
Available - Executive summary of the §164.308(a)(1)(ii)(A) Risk Analysis. Full assessment with vendor-specific findings is released under NDA.
Available - End-to-end flow of Protected Health Information across the Mode A, Mode B, and Mode C deployment options, with tokenization and re-identification boundaries marked.
Available - CISO-signed attestation to the NIST SP 800-53 Rev. 5 Moderate baseline and NYDFS 23 NYCRR Part 500 voluntary compliance posture.
Tier 3 - Operational Controls and Continuity
How the Company runs the service and what the customer can expect when something goes wrong.
Published summary of the Company's IR plan including PHI breach detection, customer notification SLAs, and the post-incident review and lessons-learned process.
Available - RTO 4 hours, RPO 1 hour. Multi-region failover architecture, tabletop cadence, and customer-impact comms procedure.
Available - Template SLA covering availability commitments, response times by severity tier, support model, and service credit schedule.
Tier 4 - Compliance Attestations
Third-party-validated reports and certifications. Items in flight show their issuance window; the in-flight status is itself a useful diligence signal because it shows the work is engaged with assessors, not deferred.
Counsel-grade SIG Lite-format response covering 130 questions across 18 domains. Annual refresh; current revision is dated May 3, 2026.
In flight - 12-month observation period engaged. Expected issuance Q3 2027. Type I bridge letter available on request prior to Type II issuance.
In flight - Engagement letter signed; readiness work in progress. Expected issuance Q4 2026. Internal i1 readiness checklist available under NDA.
In flight - External annual penetration test scheduled. Executive summary released to customers within 60 days of completion.
Tier 5 - Litigation Readiness Templates
For customers whose use of the platform may produce records intended for civil or criminal evidentiary use, the Company maintains canned templates that records-custodian counsel can adapt to a specific matter without rebuilding the foundation.
Records-custodian declaration adapted to FRE 902(11) (business records) and 902(14) (electronic records) self-authentication standards. Permits introduction without live testimony.
Available - Custodian attestation tracking each Court Ready Evidence Bundle (CREB™) from creation through transfer, anchored to the Company's L1 audit ledger.
Available - Procedure for receipt, scope review, customer notice, hold issuance, and production of records in response to subpoenas, court orders, and regulatory requests.
Available - Sample clause language for inclusion in the customer MSA establishing scope, frequency, notice period, cost allocation, and confidentiality of audit findings.
Tier 6 - Financial and Insurance
Required by most enterprise procurement to satisfy counterparty financial risk and supply-chain due diligence.
$5M per occurrence / $10M aggregate target. Policy binding pending; COI distributed to existing customers on bind and on annual renewal.
In flight - Professional liability cover, $5M per claim target. Policy binding pending.
On request - Standard counterparty financial-onboarding documents. Released to procurement under NDA upon request.
On request - Internally reviewed financials available under NDA. Audited statements scheduled to follow the Series A close.
Counsel point of contact
For redline negotiations, requests for documents marked On request, or any item not addressed by this packet.
General Counsel and Compliance
JIL Sovereign Technologies, Inc.
Email: legal@jilsovereign.com
Submit inquiry: /connect
Information Security and HIPAA
Office of the CISO
Email: ciso@jilsovereign.com
NDA template available on request.
Procurement and Vendor Management
Vendor Operations
Email: vendor-ops@jilsovereign.com
Response SLA: 2 business days for first acknowledgment.