Documentation
How SovereignMesh supports the compliance frameworks that matter most in Australian defence and government procurement.
DISP
Defence Industry Security Program
SovereignMesh enforces DISP membership verification for vendors working on classified or sensitive defence projects. Buyer-side DISP requirements can be specified per project.
ISM
Australian Government Information Security Manual
Platform controls are aligned to ISM requirements for OFFICIAL: Sensitive data. Evidence packs covering relevant controls are available for enterprise customers.
ISO 9001
Quality Management Systems
ISO 9001:2015 certificates can be uploaded, stored, and automatically tracked for expiry. Buyers can filter vendor search results by this certification.
AS 9100D
Aerospace Quality Management
AS 9100D certification is verified against authoritative registrar records where available. Expired certificates trigger automatic buyer notifications.
ITAR / EAR
Export Control Compliance
Vendors can declare ITAR registration status as part of their profile. Buyers can require ITAR compliance as a mandatory filter for sensitive projects.
ISO 27001
Information Security Management
ISO 27001 certification is tracked and displayed on vendor profiles. The SovereignMesh platform itself is pursuing ISO 27001 certification.
Every significant action on the platform — vendor verification events, bid submissions, contract awards, and user access changes — is logged with a tamper-evident audit trail. Enterprise customers can export full audit logs in CSV or JSON format for their own compliance reporting.
SovereignMesh tracks expiry dates for all uploaded certifications and sends automated renewal reminders to vendors at 90, 30, and 7 days before expiry. If a certification expires, the associated Sovereign Badge is suspended and connected buyers are notified within 24 hours.
Buyers can configure mandatory certification requirements at the project level. Vendors who do not meet those requirements are excluded from the matched results for that project. Requirements are logged and auditable.
Compliance documents (certificates, DISP letters, ITAR registrations) are stored in encrypted object storage in AWS ap-southeast-2. Access is logged and restricted to the vendor who uploaded them and authorised platform staff. Documents are not shared with buyers without explicit vendor consent.
Need a compliance evidence pack?
Enterprise customers can request ISM and DISP evidence documentation.