ZenoXCare — marketing
Loading certification details…
Security assessment·External CREST/OSCP-credentialed pentest firm (engagement TBD)
Vulnerability Assessment & Penetration Test (baseline)
Black-box + grey-box pentest of the Next.js public surface (auth, payments, partner portal, compliance console), authenticated APIs, and the cloud infrastructure perimeter (Vercel + Supabase + Upstash).
PlannedRenewal: annualOwner: ciso
Status & key dates
- Status
- Planned
- Issued on
- Not yet issued
- Expires on
- —
- Renewal cadence
- annual
No issued attestation yet. ZenoXCare only marks this status as Active once a third-party auditor has signed and dated the report — never before.
Scope & framework coverage
Black-box + grey-box pentest of the Next.js public surface (auth, payments, partner portal, compliance console), authenticated APIs, and the cloud infrastructure perimeter (Vercel + Supabase + Upstash).
Satisfies coverage for these regulatory frameworks
- SOC2
- ISO 27001
- PCI DSS V4
Frequently asked
- What is Vulnerability Assessment & Penetration Test (baseline)?
- Vulnerability Assessment & Penetration Test (baseline) is issued by External CREST/OSCP-credentialed pentest firm (engagement TBD). ZenoXCare scope: Black-box + grey-box pentest of the Next.js public surface (auth, payments, partner portal, compliance console), authenticated APIs, and the cloud infrastructure perimeter (Vercel + Supabase + Upstash).
- Is ZenoXCare Vulnerability Assessment & Penetration Test (baseline)-certified?
- Vulnerability Assessment & Penetration Test (baseline) is on the public roadmap; no auditor engagement signed yet (we will not claim ACTIVE without an issued report). ZenoXCare's truth-in-marketing rule: a certification is never represented as Active without a signed report on file (build-time guard verify:certifications-registry blocks this).
- What is the renewal cadence for Vulnerability Assessment & Penetration Test (baseline)?
- Vulnerability Assessment & Penetration Test (baseline) is renewed on a annual cadence. The accountable owner role is ciso. Upcoming-renewal alerts trigger automatically via the compliance-expiry-sweep cron when the issued date is on file.
- What regulatory frameworks does Vulnerability Assessment & Penetration Test (baseline) satisfy coverage for at ZenoXCare?
- Vulnerability Assessment & Penetration Test (baseline) contributes coverage for the following regulatory framework ids: SOC2, ISO_27001, PCI_DSS_V4. The framework allowlist is locked in lib/regulatory/framework-ids.ts.
Every detail on this page comes from a single authoritative record kept by the ZenoXCare compliance team — the same record auditors review. A status only becomes Active once a third-party auditor has signed the report. See the full standards & compliance overview for posture across every framework, or request the audit pack for evidence under NDA.