This page is for procurement, legal, and vendor-risk reviewers. It states current posture plainly, including where certifications do not yet exist.
If you’re filling out a vendor questionnaire (SIG, CAIQ, custom), the Security Questionnaires section is the right place to start.
1. SOC 2 — Current Posture
Cedar Hills Group is not SOC 2 certified today. Certification is on the roadmap. No committed date.
In the interim, this site documents the controls a SOC 2 Type II report would cover, so a reviewer can map them to their own framework. The relevant Trust Service Criteria and where they’re addressed:
| TSC | Where addressed |
|---|---|
| Security (access controls, encryption, vuln mgmt) | Authentication & Access, Data Handling & Logging, Code & Supply Chain |
| Availability (operational redundancy) | Deployment & Operations; single-tenant, per-customer isolation |
| Confidentiality (limiting access to sensitive info) | Read-only design, table whitelist on PS side, encryption at rest for credentials. See Security & Trust. |
| Processing Integrity (system processing is complete, valid, accurate) | Query results are not transformed; reports are deterministic given fixed input; no write path to PS |
| Privacy (handling of personal info) | Data Handling & Logging → Personal Data (PII) |
This map is not a SOC 2 report; it is a vendor-side description of controls. We will fill out your SIG, CAIQ, or in-house questionnaire and return it (see below).
2. GDPR and Personal Data
- psLens does not persist PeopleSoft user PII. There is no stored copy of employee, operator, or HR records.
- psLens does process PeopleSoft user PII at request time when users search Users / OPRIDs / EMPLIDs. Data is rendered to the browser and discarded.
- For GDPR purposes, the customer (the PeopleSoft owner) is the controller; psLens / Cedar Hills Group is the processor.
What this means in practice:
| Topic | psLens posture |
|---|---|
| Data Processing Agreement (DPA) | Available on request as part of the contract |
| Sub-processors | See Sub-Processors below |
| International data transfers | Self-hosted: you choose. Managed: you choose the fly.io region at provisioning. |
| Data subject access requests | Source data is in PeopleSoft; the customer handles requests at the source of record. psLens has nothing persisted to deliver or delete. |
| Right to erasure | Same. psLens stores no PS user PII to erase. |
| Audit / records of processing | Request-level logging is in your container runtime; SWS-side query log on the PS side. See Data Handling & Logging → Audit Logging. |
For CCPA, the answer mirrors GDPR: psLens does not “sell” data, does not retain data, and processes only at request time.
3. Data Residency
| Deployment | Where data lives |
|---|---|
| Managed on fly.io | The fly.io region you choose at provisioning. Cedar Hills Group does not move data between regions. |
| Self-hosted | Wherever you run the container: your cloud, your on-prem, or your air-gapped network |
| Air-gapped | Fully supported. psLens does not require outbound internet at runtime beyond reaching your SWS endpoint. |
There is no shared multi-tenant backend, so there is no place for data to “leak” into a different region by accident.
4. Sub-Processors
The sub-processor list depends on the deployment mode you choose:
| Deployment | Sub-processor | Why |
|---|---|---|
| Managed (any) | fly.io | Application hosting |
| Managed or self-hosted with magic-link auth | Your chosen SMTP provider (or Cedar Hills Group’s, if not specified) | Delivering one-time auth codes |
| All | GitHub (GHCR) | Image distribution; only at docker pull time, not at runtime |
Self-hosters who don’t use magic-link auth have no Cedar Hills Group sub-processors at runtime. You run the infrastructure end to end.
The specific SMTP provider used by default for managed deployments is named during contracting so it can be reviewed against your vendor list.
Notification of sub-processor changes is provided in the DPA and in writing to deployment contacts.
5. Contract, SLA, and Termination
| Topic | Posture |
|---|---|
| Contract length | Negotiated per customer; typical terms discussed on the demo call |
| SLA (managed) | Uptime targets and support response targets are disclosed during contracting |
| Support | Setup assistance included; ongoing support terms in the agreement |
| Termination & data return | All customer state lives in the per-customer /data volume. On termination, you can take a final tarball before the instance is destroyed. Self-hosters keep everything by definition. |
| Pricing | Per-customer dedicated deployment; details on the demo call or via chris.malek@cedarhillsgroup.com |
| Liability and insurance | Commercial general liability and cyber policy details available on request during contracting |
6. About Cedar Hills Group
Cedar Hills Group is a PeopleSoft consultancy. The same team that built the SWS framework (the bounded REST API that psLens uses to talk to PeopleSoft) builds psLens, so the access path psLens uses is one we control end to end.
What this means for vendor reviewers:
- The team has run real PS environments for real customers and built psLens out of that operational need.
- Cedar Hills Group is reachable and contactable; this is not a self-service SaaS where you can’t get a human on a call. See contact.
More on the company: cedarhillsgroup.com.
7. Business Continuity: What Happens If Cedar Hills Group Goes Away
A fair question in any vendor review:
- You keep the Docker image you’re running. GHCR can rotate tokens or change ownership; the image you’ve already pulled keeps working. Pin to a specific
vMAJOR.MINOR.PATCHand you have an indefinite-life binary. - Self-hosting works without Cedar Hills Group infrastructure. No runtime callback, no license check, no cloud control plane. If our domain disappeared tomorrow, every self-hosted instance keeps running.
- Managed deployments could be migrated to self-hosted. All state is in the per-customer
/datavolume. Cedar Hills Group commits to providing the volume and configuration on termination so you can restart it on your own infrastructure. - Source escrow. Available on request for enterprise contracts.
Together: a binary you already hold, a portable data volume, and (on enterprise contracts) source escrow. That is the answer to “what is our exposure if the vendor goes away.”
8. Security Questionnaires
We complete the following questionnaires on request as part of an evaluation:
- SIG Lite. Standard short form.
- SIG Core. Long form.
- CAIQ (Cloud Security Alliance). For cloud-shape reviews.
- Your own custom questionnaire. Preferred, since it asks what your team actually cares about.
To kick this off, email chris.malek@cedarhillsgroup.com with the questionnaire attached, or raise it on the demo call.
For questions that are common across questionnaires, the answer often already lives in one of the pages below. Cross-referencing those pages in your questionnaire response is encouraged.
Related
- Security & Trust. The higher-level picture.
- Code & Supply Chain. What code runs, dependency posture.
- Authentication & Access. Login model, SSO.
- Data Handling & Logging. PII, encryption, audit.
- Deployment & Operations. Backup, residency, DR.