Skip to main content
Trust Center · Compliance

Compliance and accountable service delivery

Rudrriv uses a risk-based approach to identify obligations, assign responsibility, apply practical controls, address concerns and support customer due diligence.

Risk-based controls Clear accountability Evidence-led due diligence
Compliance
Obligations
Risk assessment
Controls
Evidence
Improvement
Named ownership

Our approach

Compliance starts with the actual service, obligation and risk.

A useful compliance programme is more than a set of policies. It connects the requirements that apply to real decisions, people, systems, data, suppliers and customer commitments.

Rudrriv’s approach is intended to help teams understand what applies, who owns it, what control is expected, what evidence should exist and how concerns or exceptions are handled. The exact controls for a customer engagement depend on the agreed scope, jurisdiction, sector, information involved, delivery model and allocation of responsibility.

Customers should disclose sector-specific, licensing, public-sector, financial-services, healthcare, export-control or other specialised requirements before contracting so that feasibility, responsibilities and necessary safeguards can be assessed.

Important: This Trust Center page explains an organisational approach. It is not a legal opinion, regulatory filing, certification, audit report or promise that every listed control applies identically to every service.

Compliance principles

Six principles guide practical decisions.

These principles support consistent judgement without pretending that every service, country or customer has the same compliance profile.

Know the obligation

Applicable legal, contractual, customer and internal requirements should be identified before work begins and reviewed when the scope changes.

Prioritise by risk

Controls are intended to reflect the service, jurisdiction, data, access, financial exposure, third parties and potential impact involved.

Assign accountability

Material obligations, approvals, exceptions and remediation actions should have identifiable owners and practical escalation paths.

Retain useful evidence

Policies, approvals, reviews, training records, issue logs and other evidence should be proportionate, accurate and available when needed.

Encourage early reporting

People should be able to raise a concern, disclose a conflict or report suspected misconduct without being expected to investigate it themselves.

Improve continuously

Compliance practices should be reviewed as laws, customer expectations, services, technologies, incidents and business risks change.

Operating model

From requirement to measurable action.

The model is designed to connect obligations with owners, controls, evidence, issue response and review. Depth and frequency are adjusted according to materiality and risk.

1Named owner for each material action
5Core stages in the control lifecycle
RiskDetermines control depth and review priority
EvidenceSupports accountability and due diligence
01
Identify

Understand the obligation, business activity, affected parties and material risk.

Scope
02
Assign

Set an accountable owner, supporting roles, approval authority and escalation route.

Ownership
03
Control

Apply preventive, detective or corrective measures proportionate to the exposure.

Action
04
Evidence

Retain accurate, useful records of decisions, reviews, approvals and outcomes.

Assurance
05
Review

Monitor changes, investigate issues, address root causes and improve the control.

Improve

Control areas

A connected set of compliance controls.

Control design depends on service scope and risk. These areas describe the types of practices that may support Rudrriv’s operations and customer engagements.

Governance and oversight

  • Defined responsibility and escalation
  • Policy ownership and periodic review
  • Risk-informed management decisions
  • Tracking of material actions and exceptions

Obligation management

  • Identify applicable requirements
  • Translate obligations into practical controls
  • Monitor relevant changes
  • Update scope, records and responsibilities

Contract and commitment control

  • Review material customer commitments
  • Confirm authority before acceptance
  • Record service-specific obligations
  • Manage changes, renewals and exceptions

Ethics and responsible conduct

  • Honest business communications
  • Conflict-of-interest awareness
  • Appropriate gifts and hospitality boundaries
  • Fair treatment of customers and suppliers

Anti-bribery and corruption

  • Prohibit improper payments and facilitation payments
  • Risk-based third-party checks
  • Accurate books and records
  • Escalation of unusual requests or payment terms

Sanctions and restricted-party awareness

  • Assess jurisdiction and counterparty risk
  • Use screening where required by scope or law
  • Escalate potential matches
  • Avoid prohibited transactions and circumvention

Privacy and information handling

  • Purpose-limited data use
  • Access and confidentiality controls
  • Retention and disposal requirements
  • Coordination with privacy and security obligations

Security and acceptable use

  • Approved access and least privilege
  • Secure use of systems and credentials
  • Incident and vulnerability escalation
  • Restrictions on misuse or unauthorised activity

Service quality and records

  • Defined deliverables and acceptance criteria
  • Review and quality-control checkpoints
  • Accurate records and version control
  • Correction of material errors

Third-party and subcontractor controls

  • Business-need and suitability review
  • Contractual confidentiality and compliance terms
  • Access and data restrictions
  • Performance, dependency and issue monitoring

Workforce expectations

  • Role-appropriate policies and guidance
  • Confidentiality and acceptable-use duties
  • Training based on responsibilities and risk
  • Timely reporting of suspected issues

Issue response and remediation

  • Triage and preserve relevant information
  • Investigate with appropriate independence
  • Address root causes and control gaps
  • Document decisions, outcomes and follow-up

Recognised references

Global guidance informs the structure—not unsupported claims.

Rudrriv may use recognised standards and guidance as references when developing or reviewing relevant practices.

Compliance management reference

ISO 37301:2021

Provides requirements and guidance for establishing, implementing, evaluating, maintaining and improving a compliance management system.

Risk management reference

ISO 31000:2018

Supports the integration of risk principles, governance and structured decision-making into organisational activities.

Risk-based due-diligence reference

OECD responsible-business guidance

Informs responsible business conduct and risk-based due diligence relating to people, business relationships and potential adverse impacts.

Effectiveness reference

Established compliance-program evaluation principles

Inform questions about programme design, practical implementation, resourcing, reporting, investigation, incentives and continuous improvement.

Reference to a standard, law or guidance document does not mean certification, full implementation, legal applicability to every service, or endorsement by the issuing organisation. Current evidence should be requested where a formal assurance claim is material.

Customer due diligence

A review process built around the proposed engagement.

Rudrriv supports reasonable customer reviews while protecting confidential information, third-party restrictions and the security of internal systems.

01

Define the review

Confirm the service, entity, locations, systems, data, access, subcontractors and customer requirements that are in scope.

02

Identify material obligations

Map relevant contractual, privacy, security, quality, ethical and regulatory expectations to the proposed engagement.

03

Assess controls and gaps

Review the controls that exist, evidence available, dependencies, customer responsibilities and any changes required before delivery.

04

Agree commitments

Document approved terms, owners, review points, exceptions, reporting expectations and any conditions that must remain in place.

05

Monitor and improve

Track material issues, changes, recurring obligations and corrective actions throughout the relationship.

Policy and process information

Relevant policy extracts, process descriptions, ownership information and approved customer-facing statements.

Control evidence

Selected records of approvals, reviews, training, issue tracking or other controls, subject to scope and confidentiality.

Contractual commitments

Service-specific obligations, data terms, confidentiality requirements, subcontractor terms and agreed customer responsibilities.

Shared responsibility

Compliance outcomes depend on both parties.

Rudrriv cannot replace customer-owned legal authority, executive accountability, system configuration or statutory decision-making.

Area Rudrriv responsibility Customer responsibility
Scope and legal context Describe its proposed service, delivery model and known control boundaries. Identify laws, sector rules, licences, internal policies and customer-specific restrictions that apply to the engagement.
Instructions and approvals Work within documented scope, authority and approved processes. Provide lawful instructions, required approvals and timely decisions from authorised owners.
Systems and access Use approved access for agreed purposes and report suspected misuse or compromise. Configure customer-controlled systems, roles, logging and retention settings appropriately.
Data and content Apply agreed handling, confidentiality and minimisation expectations. Ensure it has authority to provide the data, content and instructions used in the service.
Professional and statutory decisions Provide the operational, technical or business support defined in the contract. Retain licensed, statutory or executive decision-makers where law or professional rules require them.
Issue response Escalate material issues and cooperate according to role and agreed process. Maintain current contacts, preserve relevant evidence and make customer-owned notification or remediation decisions.

Speak up

Raise a concern early and provide the facts available.

Customers, suppliers, workers and other relevant parties may report suspected misconduct, conflicts, improper payments, misuse of information, contractual non-compliance or other material concerns.

Report in good faith without needing complete proof.
Include dates, people, systems, transactions and supporting context.
Do not access records or systems without authority.
Identify urgent safety, security or legal risk clearly.
Report a compliance concern

Frequently asked questions

Clear answers for customers and procurement teams.

For a service-specific answer, include the proposed scope, jurisdictions, systems, data types and control requirement in your enquiry.

What does compliance mean at Rudrriv?

Compliance means identifying the obligations relevant to Rudrriv’s business and customer engagements, assigning responsibility, applying proportionate controls, retaining appropriate evidence, escalating concerns and improving practices when requirements or risks change.

Is Rudrriv certified to ISO 37301?

This page describes Rudrriv’s compliance approach and recognised references. It does not represent ISO 37301 certification, regulatory approval or independent attestation unless Rudrriv separately publishes current supporting evidence.

Which laws and regulations apply to a Rudrriv engagement?

The answer depends on the customer, service, jurisdiction, industry, data, systems, delivery locations and contractual allocation of responsibility. Customers should disclose material sector-specific or jurisdiction-specific requirements during procurement and contracting.

Can Rudrriv complete a compliance questionnaire?

Yes. Customers may send reasonable due-diligence questionnaires or control requests to support@rudrriv.com. Responses and supporting evidence depend on the service scope, confidentiality, third-party restrictions and the commitments included in signed agreements.

How are conflicts of interest handled?

Potential conflicts should be disclosed promptly and assessed by an appropriate owner. Depending on the facts, controls may include separation of duties, restricted information access, customer disclosure, additional review, reassignment or declining the activity.

What is Rudrriv’s approach to bribery and corruption?

Rudrriv does not support bribes, kickbacks, facilitation payments or other improper advantages. Unusual payment requests, gifts, hospitality, agents, public-official interactions and high-risk third parties should be escalated for review before proceeding.

How can someone report a suspected compliance concern?

Email support@rudrriv.com with the subject “Compliance Concern” and provide the available facts, relevant dates, people, systems or transactions, and any immediate risk. Do not access information without authority or conduct an independent investigation.

Will a person face retaliation for raising a concern?

Rudrriv expects concerns to be raised in good faith and assessed fairly. Retaliation against a person for making a genuine report or participating honestly in a review is not acceptable. Knowingly false or malicious reports may be addressed separately.

Does Rudrriv provide legal or regulatory advice?

No. Rudrriv may provide operational, technical, documentation or compliance-support services within an agreed scope, but customers remain responsible for obtaining qualified legal, tax, audit, accounting or regulated professional advice where required.

How does Rudrriv manage compliance exceptions?

A material exception should be documented with the reason, risk, approving authority, compensating controls, duration and follow-up action. An exception does not remove a legal obligation or permit activity that is prohibited by law.

How often are compliance practices reviewed?

Review timing depends on the subject and risk. Reviews may be triggered by legal changes, customer requirements, new services, incidents, audit findings, third-party changes, recurring review dates or material changes in business operations.

What evidence may be available during customer due diligence?

Depending on scope and confidentiality, evidence may include relevant policies, contract terms, process descriptions, completed questionnaires, training or review records, issue-management information and selected control artefacts. Evidence may be redacted or shared under confidentiality restrictions.

Need compliance information for procurement or contracting?

Send the proposed service scope, customer entity, jurisdictions, systems, data categories, questionnaire and any mandatory control requirements. Rudrriv will assess the request against the relevant service and available evidence.

Last reviewed: July 2026 Owner: Rudrriv Solutions Private Limited Contact: support@rudrriv.com