Respondent: Ishan Jadhwani, Chief Executive Officer & sole Member, Neuroscale LLC
Completed: June 16, 2026
Reviewed: Annually, and at each Type II observation window
Frameworks: SOC 2 CC1.1, CC1.2 (board independence / oversight), CC1.4, CC2.1; ISO/IEC 27001:2022 cl. 5 (leadership)
Vanta slots:
Completed: June 16, 2026
Reviewed: Annually, and at each Type II observation window
Frameworks: SOC 2 CC1.1, CC1.2 (board independence / oversight), CC1.4, CC2.1; ISO/IEC 27001:2022 cl. 5 (leadership)
Vanta slots:
board-of-directors-charter, board-of-director-cvs, board-meeting-recordPurpose
Neuroscale LLC is member-managed and has not constituted a board of directors or an audit committee (see Audit Committee Deferral Memo 2026). Advantage Partners’ SOC 2 document guidance provides that, where there is no board, the three board-specific evidence slots — board charter, board-member CVs, and board meeting minutes — are satisfied by a completed management ethics survey rather than by manufactured board artifacts. This document is that completed survey and is the controlled evidence pointed at those three slots. The substantive CC1.2 control (independent oversight of internal control) is designed and tested separately through the compensating controls in the Audit Committee Deferral Memo 2026 and the Independent Oversight Charter; this survey records management’s ethics-and-governance posture, it does not replace that control.Survey responses
1. What are some examples of management demonstrating and promoting ethical values within the company?
Ethical values are set from the top and operationalized through the policy library, which every employee acknowledges in Vanta at onboarding and annually:- A Code of Conduct acknowledged by all staff, enforced by the CHRO with a defined disciplinary process.
- A Whistleblower Policy with a fully anonymous reporting channel (GlobaLeaks), express anti-retaliation protection, and an explicit right to report directly to government authorities.
- An Anti-Bribery & Anti-Corruption Policy, an Insider Trading Policy, and a Gifts & Hospitality Register.
- A “tone from the top” control: the CEO performs an independent attestation over sensitive control activities, and independent governance review is performed with outside counsel (VGC LLP).
- Dedicated ethics and reporting aliases (
ethics@,legal@,people@,security@) and recurring security-awareness training.
2. Describe your hiring process.
Roles are opened by a hiring manager and filled through a structured interview process owned by the CHRO. Before start, candidates complete a background check through Checkr with an FCRA-compliant adverse-action process, and sign an employee agreement that includes a confidentiality clause. Onboarding is run through the Rippling HRIS: access is provisioned through Rippling SSO using role-based bundles (least privilege), and the new hire completes security-awareness training and acknowledges the policy library in Vanta. See Onboarding and Roles & Responsibilities.3. Is there a board of directors or investors charged with oversight? If so, list the names and backgrounds of that board’s members.
No. Neuroscale LLC is member-managed; its sole member is Ishan Jadhwani, who also serves as Chief Executive Officer. There is no board of directors and no outside investor charged with oversight. The governance and internal-control oversight that a board (and its audit committee) would provide is performed by the CEO, with VGC LLP (outside General Counsel) acting as the standing independent reviewer — independent of management’s day-to-day operation of controls. That oversight comprises:- quarterly independent review of the risk register and the ISMS Management Review minutes by VGC LLP;
- per-incident independent breach-determination review;
- independent routing of any whistleblower report concerning the CEO, CTO, or CISO to VGC LLP; and
- an annual governance review.
4. Do you expect to make major changes to your product or hosting environment, like creating new business units or changing cloud providers? If so, please describe them.
No major changes to the product architecture or hosting environment are anticipated during the observation window. The production environment remains on the current cloud provider, and no change of cloud provider, new business unit, or new processing location is planned. Any material change would proceed through the Change Management process, be assessed for SOC 2 scope impact, and be reflected in the System Description. (Confirm against the current product roadmap before submission.)5. Describe any recurring executive meetings and how decisions from those meetings are communicated to employees.
The Executive Team (CEO, CTO/CISO, CFO/CHRO, General Counsel, and design/revenue leads) is the standing decision-making body for risk acceptance, breach determination, BC/DR activation, and capital approval. Security and compliance governance runs through the quarterly ISMS Management Review, whose quorum is the CTO/CISO, the General Counsel (VGC LLP), and the CEO in an independent-oversight capacity; decisions are captured in minutes filed in management-review-minutes. Decisions and resulting changes are communicated to staff through Microsoft Teams / email, updates to the policy library (re-acknowledged in Vanta), and the internal system-update communication channel.6. Describe any onboarding training that the new employees receive.
At onboarding, every employee completes security-awareness training (tracked in Vanta) and acknowledges the policy library, including the Code of Conduct, Acceptable Use, and security policies. Engineers additionally receive secure-development training. Training recurs at least annually, with completion enforced by the CHRO. See Onboarding.7. How does management monitor and respond to complaints from customers, vendors, or employees?
- Employees report concerns through their manager, the
ethics@/people@/security@aliases, or the fully anonymous GlobaLeaks channel; intake, conflict-screening, investigation, and disposition follow the Whistleblower Policy, with a quarterly report-volume summary at the ISMS Management Review. - Customers reach support through the published support alias/site; service issues are tracked and, where they constitute incidents, handled under the Incident Response Policy.
- Vendors route through their sponsoring vendor owner and the CFO under Vendor Risk Assessment.
8. How do you solicit feedback from customers regarding the quality of your services?
Customer feedback is gathered through the customer-support channel, ongoing Customer Success engagement, and product release-note / status-page communications that invite response. Feedback that signals a service or security issue is escalated into incident response or the product change process.9. Have there been any major problems (outages, lawsuits, etc.) during the audit period? If so, please describe them.
As of the date of this survey, there have been no material outages, security incidents, or litigation. Service health is published on the status page; any incident would be managed under the Incident Response Policy, with breach determinations independently reviewed by VGC LLP. (Update for the Type II observation window if any reportable event occurs; if none, this is recorded as a non-occurrence.)Cross-references
- Audit Committee Deferral Memo 2026 — CC1.2 compensating controls
- Independent Oversight Charter
- Controls Inventory (CC1.1, CC1.2) · Roles & Responsibilities · Whistleblower Policy
Version history
| Version | Date | Description | Author | Approved by |
|---|---|---|---|---|
| 1.0 | June 16, 2026 | Initial completed management ethics survey, adopted as evidence for the board-charter, board-CV, and board-meeting Vanta slots in place of manufactured board artifacts, per Advantage Partners’ document guidance. | Cameron Wolfe | Ishan Jadhwani |