Trust Center

Make identity, access, mail safety, activity, and responsibility visible.

We place security and accountability inside the operating model, with controls and reports that match personal, organization, reseller, and platform responsibilities.

Six trust foundations

Understand the controls around the work before you rely on them.

Identity

Account, session, recovery, and stronger-role controls

Use centralized sign-in, role-aware sessions, alternate recovery contact, privileged reauthentication, and attributable account actions.

Included
Organization boundaries

Tenant, domain, membership, and role scope

Keep users, domains, rooms, services, storage, reports, and administrative actions within the organization scope assigned to them.

Included
Mail safety

Inbound and outbound protection at the appropriate level

Combine authentication, anti-abuse limits, content and anomaly checks, platform defaults, tenant controls, user preferences, alerts, and reports.

Included
Data handling

Philippine-hosted operating posture with published boundaries

Use local hosting posture, role and tenant controls, documented service behavior, retention expectations, and source notices as part of the evaluation.

Included
Auditability

Attributable actions and drill-down detail

Retain actor, target, tenant, domain, category, event, result, time, and relevant context where the workflow supports it.

Included
Recovery and continuity

Prepare for account, file, service, and operating interruption

Use recovery paths, versions, deleted-file restore, retries, status visibility, backup policy, support, and incident review according to the service and plan.

Included

Mail protection with layered responsibility

Protect the wider platform even when a tenant or user leaves a setting permissive.

Platform defaults establish the minimum outbound and inbound posture. Tenant administrators can apply stricter organization rules, while users manage the preferences that belong to their mailbox without overriding mandatory safeguards.

  • Authenticated submission and relay boundaries.
  • Per-user and per-tenant recipient limits, queue controls, and graduated new-account reputation tiers.
  • SPF, DKIM, DMARC, outbound scanning, anomaly detection, bounce and complaint monitoring, and emergency controls where configured.
  • Alerts and reports routed to the role that can investigate or act.
GoOfficePH layered mail protection controls and security signals

Shared responsibility

Know which role owns each part of the operating posture.

ResponsibilityGoOfficePH platformOrganization and users
Identity and accessOperate centralized identity, role model, session controls, and platform policyProtect credentials, maintain recovery information, assign roles carefully, and remove access promptly
Tenant and domain setupProvide verified-domain and tenant workflows with policy enforcementProve ownership, maintain administrators, place users correctly, and review memberships
Mail protectionApply platform minimums, service controls, monitoring, and operational responseConfigure domain records, respect sending policy, review alerts, and address compromised accounts
Files and sharingProvide permissions, sharing, versions, recovery, activity, and service safeguardsChoose recipients carefully, maintain ownership, review public links, and classify sensitive material
Audit and reportsRetain supported events and present role-scoped online and downloadable reportsReview reports, investigate exceptions, preserve required outputs, and improve policy
Support and continuityProvide status, retries, recovery paths, backup policy, and support according to planMaintain contacts, test critical workflows, define internal owners, and participate in incident review

Evidence people can use

Turn retained activity into review, investigation, and improvement.

Authorized reports combine current state, trends, exceptions, and detailed records. The aim is not simply to accumulate events, but to help the right person understand what happened and what should happen next.

  • Search and filter by role-relevant dimensions.
  • Open the person, tenant, domain, service, or event behind the summary.
  • Use online reports for investigation and supported exports for distribution or retention.
  • Extend logging when a new workflow introduces a material customer or administrative action.
GoOfficePH audit explorer with filters, event detail, and attributable activity

Trust questions

Evaluate the operating model, not a single checkbox.

Does Philippine hosting remove the need for security controls?

No. Hosting location is one part of the posture. Identity, access, encryption, mail protection, application security, logging, recovery, policy, people, and operating response remain essential.

Can tenant administrators weaken platform minimums?

Mandatory platform safeguards remain the floor. Tenant and user controls can add organization or mailbox policy but should not bypass platform-level requirements.

Are all actions logged?

The platform logs supported identity, administrative, service, application, migration, security, support, and commercial events. Logging coverage is reviewed as new material workflows are added; not every passive screen view carries the same audit significance.

Where can an evaluator review open-source licensing?

The Open Source Notices page lists major components, roles, and license families, with supporting compliance information maintained behind the published page.

References

Explore the research and policy context behind this guidance.

National Privacy Commission, Data Privacy ActNational Privacy Commission, data-security guidance

Put the next step in reach

Choose the capability that will make the clearest difference to your team.

Start with one priority, keep the implementation manageable, and expand on the same connected foundation.