Free 30-min discovery call CT · NY · MA · RI · nationwide
+1 (888) 555-0142 hello@skyviewlabs.ai book 30-min call →
~/trust $ cat security.md

Security and compliance, documented.

This page is for procurement officers, compliance teams, and security reviewers. Everything here is designed to support a serious due diligence process.

~/trust $ ls attestations/

Facility attestations

Skyview Labs operates from Tier III TierPoint colocation facilities in Marlborough, Massachusetts and Chicago, Illinois. These facilities are audited annually and maintain the following attestations and registrations:

Attestation
SOC 1 Type II
Attestation
SOC 2 Type II
Attestation
SOC 2 + HITRUST
Attestation
HIPAA / HITECH
Attestation
GLBA
Attestation
PCI DSS v4.0
Attestation
NIST SP 800-53 Rev. 5
Attestation
ISO 27001:2022
Attestation
ITAR
Attestation
EU–US Data Privacy Framework

Facility attestation reports are available to clients under NDA as part of a due diligence process.

// Note on ct-01: We also operate an on-premises server room at our Connecticut office. It has on-site generators and redundant connectivity, but it is not a Tier III audited colocation facility and does not carry the attestations listed above. Workloads with HIPAA, SOC 2, PCI, or public-sector procurement requirements run exclusively in mrl-01 or chi-01. CT-01 is used for development, staging, internal tooling, and regional capacity. Every engagement scope documents which facility hosts which component.

~/trust $ cat structure.md

Company structure

Skyview Labs is a DBA (doing business as) of Spectrum Virtual, a Cheshire, CT-headquartered IT services organization that has been running production systems for businesses, regulated operations, and public-sector clients since 2013. Spectrum Virtual is the legal entity behind every Skyview engagement contract — including MSAs, SOWs, BAAs, DPAs, and NDAs.

We surface this on the trust page because procurement teams should — and do — ask. The structural reality:

  • Parent / legal entity: Spectrum Virtual
  • Brand / DBA: Skyview Labs
  • Founded: 2013
  • Headquarters: Cheshire, CT
  • Microsoft partnership: Microsoft Cloud Solution Provider (CSP) Indirect Reseller — license procurement, tenant management, and bundled billing for M365, Copilot, Power Platform, and Azure
  • Hosting footprint: Marlborough, MA (TierPoint Tier III) · Chicago, IL (TierPoint Tier III) · Cheshire, CT (Spectrum Virtual HQ server room)
  • Dedicated AI engineering team: Two senior practitioners, with names and bios published at /team
  • Shared operations team: The Spectrum Virtual NOC, security operations, network engineering, and helpdesk — operating since 2013

Engagement continuity questions ("what happens if Skyview Labs disappears in 18 months?") have a structural answer: Spectrum Virtual doesn't disappear. The legal entity behind your contract has been operating for over a decade and is the same team running production systems for our existing managed-services client base.

~/trust $ cat posture.md

Skyview Labs' own security posture

Skyview Labs operates an internal security program aligned to SOC 2 and ISO 27001 controls at the application and operations layer. Formal corporate-level attestation is on our roadmap. We are transparent about this distinction because procurement teams should — and do — ask.

Clients requiring formal attestation as a gating criterion should be aware of this and are welcome to discuss what compensating controls or contractual commitments would support their engagement.

~/trust $ ls controls/

Architectural controls

Network security

All public surfaces are fronted by Cloudflare Tunnels. No open inbound ports at our data center edge. Edge WAF, DDoS mitigation, and bot management applied in front of every request.

Workload isolation

Per-client Kubernetes namespaces. No shared inference across clients. Resource limits enforced.

Access control

Zero-trust administrative access using identity provider integration. MFA required. Role-based permissions scoped to the minimum required for each engineer's responsibilities.

Secrets management

Client secrets managed in encrypted stores. Access scoped to the services that require them. Rotation on defined schedules.

Data handling

Client data stays in the private cloud by default. External API integrations (when present) are documented, scoped, and disclosed in the engagement scope.

Logging and audit

Application, infrastructure, and security logs retained for audit. Content of AI interactions logged per client policy — some clients require extensive logging for compliance, others require minimal retention for privacy.

~/trust $ ls docs/

Documentation available for review

  • Security architecture overview document specific to the proposed engagement.
  • Data flow diagram and narrative covering every component, integration, and data path.
  • Subprocessor list naming every third-party service touched by the engagement.
  • Incident response overview.
  • Business continuity overview.
  • Facility attestation letters (under NDA).

Request documentation at trust@skyviewlabs.ai.

~/trust $ ls agreements/

Agreements available

  • Standard Master Services Agreement
  • Business Associate Agreement (for HIPAA-covered engagements)
  • Data Processing Agreement (for engagements with GDPR or state-privacy-law implications)
  • Non-Disclosure Agreement (mutual, prior to substantive discussions)
~/contact $ open

Security or procurement question?

For security, compliance, or procurement inquiries, contact trust@skyviewlabs.ai or use our general contact form.

Email trust@skyviewlabs.ai Contact form