Taktly · Enterprise
Continuous-improvement work that survives audit.
Taktly is the workspace that continuous-improvement and operational-excellence practitioners use to run their projects. The Enterprise plan adds the governance, identity, and audit-defensibility a regulated multi-site operation requires — without losing the senior-practitioner brain that makes Taktly different.
What Enterprise unlocks
Built for the way large operations actually run.
Identity that satisfies IT
SAML 2.0 SSO with Okta, Azure AD, and Ping. SCIM 2.0 for auto-provisioning. Session policy controls per organization. Audit log export to SIEM.
Multi-tenant organization model
One workspace per organization. Org → Site hierarchy. Org-locked templates and branding. Cross-site portfolio visibility for Quality.
Six-role RBAC
OrgAdmin, SiteAdmin, Reviewer, Editor, Operator, Auditor. Quality reviewers can approve without editing. Auditors get read-only with full history.
Multi-user approval workflows
Send-to-reviewer flow with timestamped sign-off, IP capture, and intent statement. 21 CFR Part 11 conformance on the roadmap.
Customer-readable audit log
Every classification, escalation, weak-work flag, override, and approval — exportable to XLSX or CSV. Auditors get the full history.
Portfolio dashboard for executives
Tier 4 events across sites. Average time-to-close. Total realized savings. Recurring contamination patterns by location. QBR-ready exports.
Architecture rule
TAKTLY-001 — Single Intelligence Source.
Every product surface — workspace, support bubble, export gate, scoring, beginner help — consumes from one canonical brain. Twenty-two industry intelligence modules. Eight contamination modules with twelve cross-cutting meta-rules. Live weak-work detection across every text field. Every export ships with a Taktly Assists appendix narrating the rigor that was applied.
Drift between surfaces is detected by automated parity tests on every release. The bubble cannot be weaker than the workspace; the export cannot drift from the score. This is what makes the outputs defensible under audit — and what no competitor in the CI/OpEx space currently has.
Security · privacy · compliance
What we publish for procurement.
Data Processing Agreement
GDPR-aligned DPA available for download. EU/UK Standard Contractual Clauses included.
CAIQ-Lite (Cloud Security Alliance)
Self-attested. Pre-fills available for SIG Lite, HECVAT, and CAIQ Full on request.
Encryption at rest + in transit
AES-256 at rest (Supabase). TLS 1.2+ in transit. Data scoping enforced by row-level security (RLS).
No AI training on customer data
Customer text is never used to train any model. OpenAI processing is single-shot, no retention.
SOC 2 Type II
Evidence collection in progress with Drata. Type I targeted for Q3 2026; Type II in Q1 2027. Type I letter available on request once issued.
HIPAA BAA
Business Associate Agreement available on request for healthcare-bound deployments.
External penetration test
Annual cadence; executive summary available under NDA after first test.
21 CFR Part 11 conformance
Multi-user approvals + immutable audit trail in place. IQ/OQ/PQ validation package on the roadmap for GxP-bound deployments.
Procurement
What's in the package.
- Master Services Agreement (MSA) — customizable
- Data Processing Agreement (DPA) with SCCs
- Business Associate Agreement (BAA) on request
- Service Level Agreement (SLA) — 99.5% uptime target
- Business Continuity + Disaster Recovery Plan (RTO 4h, RPO 1h)
- Incident Response Plan + 72-hour breach notification
- Architecture + data-flow diagrams
- Subprocessor list (Supabase, Vercel, Stripe, Resend, OpenAI)
- Cyber liability insurance certificate
- Pre-filled SIG Lite + HECVAT + CAIQ Full responses
- Vendor audit clauses negotiable in MSA
- Custom legal terms reviewable
Bring Taktly into the operation.
30-minute demo. We’ll walk through the org model, RBAC, approval workflows, and the audit trail with you. Pricing is custom; signed MSA / DPA / BAA available before any pilot.