- Scope
- Applicable where Google Cloud services are selected for the engagement.
- Supports
- Provider documentation for cloud security, compliance, infrastructure controls and service-specific assurance.
Delivery assurance
Trust & Delivery Centre
Page version
v3
Last reviewed
22 June 2026
Scope
Delivery-partner engagements
Review support
Requestable per engagement
Overview
What this page covers.
| Public position | Beyond Data is a data and software developer, delivery partner and reseller for analytics, automation and AI/data projects. We scope, configure, integrate, document and hand over solutions. |
|---|---|
| System boundary | Beyond Data does not operate a general-purpose hosted SaaS platform or system of record for client data. The relevant data boundary is set by the client environment and the selected platform. |
| Provider evidence | Where Google Cloud, BigQuery, AgileData or another managed platform is in scope, provider-controlled assurance material can support review of that platform. It is not a Beyond Data certification. |
| Access model | Access is agreed per engagement, scoped to delivery need, and normally provisioned through client or platform-controlled identity and permission models. |
| Review output | Security, procurement and governance reviewers can request an engagement-specific summary, responsibility matrix and supporting artefacts. |
This page is a public index, not a certification claim. Signed engagement documents take precedence where a scope, statement of work or security schedule sets more specific responsibilities.
Evidence
Evidence and limits.
| Evidence | What it supports | What it does not prove |
|---|---|---|
| Trust centre overview | Initial reviewer understanding of Beyond Data's role, scope and delivery boundaries. | It is not a contract, audit report, certification or substitute for an engagement-specific security review. |
| Engagement scope or statement of work | The actual role, deliverables, data sources, access needs, acceptance criteria and handover obligations. | It does not certify the client environment, the platform provider or any work outside the agreed scope. |
| Shared responsibility matrix | Which party owns identity, hosting, operations, support, approvals, data definitions and delivery controls. | It does not transfer provider controls to Beyond Data or remove the client's ownership of its systems and data. |
| Solution architecture notes | Review of data flows, integrations, platform boundaries, assumptions and operational handover. | It is design evidence for the engagement, not a standing platform architecture for every Beyond Data project. |
| Provider assurance references | Review of a selected provider's controls, compliance posture, platform features and documentation. | It does not mean Beyond Data is certified by, endorsed by, or a formal partner of that provider. |
| Security questionnaire response | Client procurement or security questions answered in the context of the proposed work. | It should not be read as a generic SaaS vendor assessment unless the engagement actually includes a hosted service. |
Platform references
Provider documentation used where relevant.
Logos below are used as platform evidence markers, not endorsement badges. The reviewer pack should identify which platform actually applies to the engagement before relying on provider documentation.
BigQuery
- Scope
- Applicable where BigQuery is used as the analytics warehouse or processing layer.
- Supports
- Review of BigQuery product documentation and provider-controlled capabilities in the selected architecture.
- Scope
- Applicable where AgileData is in the proposed delivery or reseller scope.
- Supports
- Review of the AgileData platform role, including its Google Cloud Ready - BigQuery listing where relevant.
Responsibilities
Shared Responsibility Matrix
| Area | Client | Cloud or platform provider | Beyond Data |
|---|---|---|---|
| Source systems and business data | Owns systems, data, approvals and business definitions. | Provides the platform controls where data is hosted or processed. | Maps, transforms and uses data only within the agreed engagement scope. |
| Identity and access | Approves users, roles and access windows. | Supplies identity, logging and permission features for the platform. | Requests only the access required for delivery and handover. |
| Infrastructure security | Confirms infrastructure requirements and constraints. | Operates cloud, network, physical and platform security controls. | Designs within the agreed platform and documents relevant assumptions. |
| Solution design and delivery | Confirms requirements, acceptance criteria and operating model. | Provides platform capabilities, service terms and support channels. | Designs, configures, integrates, tests, documents and hands over the solution. |
| Operations after handover | Owns day-to-day operation unless a support agreement says otherwise. | Maintains the managed platform service. | Provides agreed transition, documentation and post-delivery support. |
Security review
How we support review.
1
Classify the engagement
Confirm whether Beyond Data is acting as advisor, implementer, reseller, platform delivery partner, or support provider.
2
Confirm data and platform scope
Identify source systems, data classes, hosting location, platform provider and any client security constraints.
3
Document responsibilities
Prepare the project-specific responsibility split across client, provider, platform partner and Beyond Data.
4
Provide reviewer material
Supply the assurance summary, architecture notes, provider references and questionnaire responses that match the engagement.
5
Close open questions
Resolve procurement, legal, privacy and security questions before delivery commitments are finalised.
Review material
Available on request.
| Artefact | Purpose | Availability |
|---|---|---|
| Engagement assurance summary | Plain-English summary of role, scope, platform, data handling and review contacts. | Prepared per engagement |
| Shared responsibility matrix | Shows which party owns each control, operating activity and handover responsibility. | Prepared per engagement |
| Solution architecture notes | Documents data flows, platform boundaries, integrations and key assumptions. | Available where design is in scope |
| Platform assurance references | Links to relevant Google Cloud, BigQuery, AgileData or other provider assurance resources. | Available where the platform is in scope |
| Security questionnaire response | Answers client procurement or security review questions in the context of the proposed work. | Available on request |
| Handover and operating notes | Explains how the delivered solution is maintained, supported and transferred after delivery. | Included where delivery is in scope |
Reviewer material is scoped to the proposed work. Requests are triaged against the engagement model, selected platform, data classes and client procurement requirements.
Delivery practices
How we work during delivery.
- Security, privacy and data handling assumptions are discussed during scoping, before implementation decisions are locked.
- Access is requested for a defined purpose and reviewed against the work required.
- Production credentials and secrets stay in client or platform-controlled tooling.
- Configuration, transformations and delivery artefacts are documented so the client can operate the solution.
- Incidents, anomalies and access issues are raised through the agreed engagement channel.
Scope
What this page does and does not claim.
While Beyond Data adheres to many practices required for SOC 2 and ISO 27001, this page should not be read as a certification claim by Beyond Data. It explains how we handle assurance for delivery-partner engagements where client data, platform controls and implementation responsibilities are shared across parties.
For clients requiring certified environments, we design delivery around certified cloud or platform providers where appropriate, and document the shared responsibility model for the engagement. We do not claim Google Cloud's, AgileData's or any other provider's certifications as our own.
If a client requires a particular certification, contractual security schedule or formal vendor assessment, that requirement should be raised during scoping so the engagement can be structured correctly.
Page details
Version and review.
| Document owner | Beyond Data |
|---|---|
| Page version | v3 |
| Last reviewed | 22 June 2026 |
| Scope | Delivery-partner trust centre |
| Change trigger | Material change to delivery model, platform scope, provider evidence or public positioning |