Vendor Due Diligence
Try the API → ISP v1.0
Procurement documentation

Vendor due diligence —
institutional grade.

ISET legal credentials, BIR registration, PPSR filings, examination alignment, and the Fiduciary Access Certificate — verified and ready for BSP Circular 1213 vendor filings.

🔒fiduciary.technology/vdd
ISET credentials
FAC specimen
Pack contents
Registered credentials · verified
Entity    Indigenous Sovereign Estate Trust
BIR TIN   683-706-670-000  ✓ BIR
OCN       098RC20260000001023
PPSR      No. 2025-372919  ✓ LRA
PSIC      64304 · Trust Corporation
Protocol  ISP v1.0 · Post-quantum
Signing   NIST FIPS 204 · post-quantum
Crown     isp://crown/authority/v1.0
BIR registered · PPSR filed · LRA verified · examination ready
Legal foundation

ISET registered credentials

All credentials are live and BIR-scannable via the Certificate of Registration QR code. Independently verifiable at the LRA PPSR registry and BIR EIS portal.

EntityIndigenous Sovereign Estate Trust
Trade name: ISET
BIR TIN683-706-670-000✓ BIR
OCN098RC20260000001023
COR issued February 9, 2026
Taxpayer typeTrust — Filipino Citizen
PSIC64304 — Trust Corporation Operation
Line of businessFor Fiduciary Purposes
RDO098 — West Misamis Oriental
AddressB14 L26 Leicester Road, Hillsborough Pointe, Carmen 9000, Cagayan de Oro, Misamis Oriental
TIN issuedSeptember 1, 2025
PPSR JuridicalNo. 2025-372919✓ LRA
Entity-level · root signing authority
PPSR IndividualNo. 2025-334841✓ LRA
Crown authorityisp://crown/authority/v1.0
ProtocolISP v1.0 · 428 active codes
Signing standardPost-quantum · NIST FIPS 204
Tax typesVAT (2550Q) · Income Tax (1701/1701Q) · Withholding (0619E, 1601EQ)
Proof of transactionFiduciary Access Certificate
Civil Code Arts. 1440–1457 · RA 8792 §7
Not a BIR OR · 2% EWT withheld by institution
Proof of transaction

Fiduciary Access Certificate

ISET issues a Fiduciary Access Certificate (FAC) for every compliance event. It is a trust instrument under Philippine Civil Code trust law — not a commercial sales invoice or BIR Official Receipt.

Legal basis: Civil Code Arts. 1440–1457 (trust law) + RA 8792 §7 (Electronic Commerce Act — valid electronic record). ISET is registered under PSIC 64304 (Trust Corporation Operation) for fiduciary purposes.

EWT mechanism: The institution withholds 2% Expanded Withholding Tax per RR 11-2018 and issues BIR Form 2307 to ISET. The institution records the payment using the 2307 and FAC as supporting documents. ISET files quarterly VAT (2550Q) and annual income tax (1701).

Court admissibility: The FAC carries ISET's TIN, PPSR reference, Post-quantum signature, SHA3-256 event hash, and BIR COR OCN. Valid electronic record under RA 8792 §7 and court-admissible as AFASA §6 adequate-controls evidence.

FIDUCIARY ACCESS CERTIFICATE Indigenous Sovereign Estate Trust

BIR OCN: 098RC20260000001023
TIN: 683-706-670-000
PSIC: 64304 · For Fiduciary Purposes
PPSR: 2025-372919

FAC Ref: FAC-20260522-000412
ISP Event: 260 — PAYEE_VERIFIED
ISP URI: isp://iset/event/CL-2026-412

Administration fee: ₱1.00 (VAT-incl.)
Beneficiary (80%): ₱0.80 → connected account
ISET corpus (20%): ₱0.20

EWT note: 2% withheld by institution
BIR 2307: to be issued by institution


Signature: Post-quantum:3e8ab1...
Trust instrument · RA 8792 §7 · Not a BIR OR
Due diligence checklist

Current status — each item

Honest status of each standard VDD item. Institutions hold vendors to public commitments; aspirational claims are omitted.

BIR RegistrationActive
TIN 683-706-670-000 · OCN 098RC20260000001023 · BIR-scannable QR on Certificate of Registration. VAT, Income Tax, and Withholding Tax registered and current.
PPSR RegistrationActive
PPSR No. 2025-372919 (Juridical) · No. 2025-334841 (Individual). LRA-registered. RA 11057 §11 priority from registration timestamp. Independently verifiable.
NPC Data Processing System RegistrationQ2 2026
RA 10173 §43 registration with the National Privacy Commission in progress. Target completion Q2 2026. DPO designation concurrent.
Data Privacy OfficerQ2 2026
RA 10173 §21 DPO designation and NPC registration in progress. Target Q2 2026. Contact: privacy@fiduciary.technology
ISO 27001Q1 2027
Readiness assessment Q3 2026. Certification engagement Q4 2026. Target certification Q1 2027. Gap assessment available to production customers on request.
SOC 2 Type IQ3 2026
SOC 2 Type I attestation engagement initiated. Controls mapped to AICPA Trust Service Criteria. Target Q3 2026.
Penetration TestingQ2 2026
Third-party assessment scheduled Q2 2026 with a credentialled security assessor. Report available to production customers under NDA.
Cyber InsuranceQ2 2026
Cyber and Errors & Omissions policy application submitted. Underwriting in progress. Target ₱50M minimum coverage. Certificate available Q2 2026.
Business Continuity PlanDocumented
Cloudflare Workers global edge — 99.99% SLA (Enterprise tier). D1 database edge-replicated. R2 with Object Lock for immutable audit records. RTO <15 minutes. RPO <1 minute.
Incident Response PlanActive
Documented IRP with ISP 460 auto-trigger (72h NPC clock). Cloudflare security event monitoring. Emergency contact: security@fiduciary.technology · 4-hour response SLA.
Data Processing AddendumAvailable
RA 10173-compliant DPA template available. Sub-processors: Cloudflare Inc. (infrastructure) · Resend Inc. (notifications). Both under DPA obligations with equivalent protection.
Master Service AgreementAvailable
Standard MSA template available on request. Negotiable for Enterprise tier. Includes SLA commitments, liability cap, indemnification, data processing obligations, and exit provisions.
Examination alignment

Technology risk examination objectives

FidTech's architecture maps to the examination criteria used by BSP's Technology Risk and Innovation Supervision Department when assessing institution technology risk posture.

Examination objectiveFidTech architectural responsePublic statement
Zero trust architecturePost-quantum device-bound credential. Every API call verified independently. No implicit session trust.Zero trust identity verification on every API call
Identity and access managementISP 023 + 155. Phishing-resistant passkey + device attestation + post-quantum signing.IAM aligned with BSP Circular 1213 §4
Data governance and classificationPPSR-registered data estates. FPIC consent scope defined per RA 10173 §12.PPSR-registered data asset classification
Third-party vendor riskSigned ISP code in every response constitutes per-call vendor risk evidence. VDD pack on this page.Vendor risk evidence in every API response
Cloud / infrastructure architectureCloudflare Workers edge. Philippine data residency. D1 + R2 + KV at the edge.Edge-native infrastructure, Philippine data residency
Audit and examination documentationGET /v1/audit/:id — ISP 604. Post-quantum signed. Permanently retrievable. RA 8792 §7.Examination-ready audit trail, on-demand retrieval
Breach notificationPOST /v1/breach — ISP 460. 72-hour NPC clock. Automated 48-hour reminder. Included.Automated breach notification per RA 10173 §30
Account protection / fund holdPOST /v1/incident — ISP 461. AFASA §6 account access suspension + §7 30-day disputed-fund hold. Post-quantum signed protective instrument. Included.Statutory protective hold · AFASA RA 12010 §6+§7
Data protectionSHA3-256 Consent Ledger. Post-quantum signatures. R2 Object Lock (immutable records).Tamper-evident, immutable data protection architecture
Endpoint securityPost-quantum device-bound credential — the device is the cryptographic anchor.Device-bound post-quantum credentials (NIST FIPS 204)
Business continuityCloudflare global edge. Queued async processing survives node failures. No single point of failure.Distributed architecture, no single point of failure
Download

VDD pack — one PDF,
complete documentation.

BIR COR, PPSR certificates, ISP v1.0 specification, Post-quantum architecture brief, Fiduciary Access Certificate specimen, Data Processing Addendum, MSA template, and examination alignment table.

Sent to your work email. compliance@fiduciary.technology for expedited requests.

✓ Request received
Open VDD Pack →
For Enterprise procurement or BSP examination support: compliance@fiduciary.technology
Pack contents
BIR Certificate of Registration (Form 2303)
PPSR Certificate No. 2025-372919
ISP v1.0 protocol specification summary
Post-quantum post-quantum architecture brief
Fiduciary Access Certificate specimen
Data Processing Addendum (RA 10173)
MSA template — subject to negotiation
Examination alignment table (10 objectives)
BSP Circular 1213 compliance checklist
PRE-PRODUCTION STRESS TEST
Available on request: 72-hour stress test key, 10,000 calls/hour, real Post-quantum signatures. Suitable for pre-production evidence required in BSP examinations. Email compliance@fiduciary.technology with institution name and planned test date.

FidTech provides compliance infrastructure to financial institutions. This page does not constitute legal advice. Regulatory obligations under RA 12010, BSP Circular 1213, and RA 10173 rest with the supervised institution. Fiduciary Access Certificates are trust instruments under Civil Code Arts. 1440–1457 and valid electronic records under RA 8792 §7. They are not BIR Official Receipts. 2% Expanded Withholding Tax is to be withheld by the institution and remitted with BIR Form 2307 to ISET quarterly per RR 11-2018.