Procurement Readiness

Procurement usually enters the AxonFlow conversation after engineering has proved that the runtime can solve a real governance problem. At that point, the questions change from "does this work?" to "can our organization operate this responsibly?"

This page helps platform, security, and engineering teams prepare for that review.

What Reviewers Usually Ask First

Question	Where to answer it
What data does AxonFlow process or store?	Trust Center and Telemetry
Can data stay inside our environment?	Deployment Mode Matrix
Which security controls are actually provided?	Security Control Matrix
Is AxonFlow SOC 2 or ISO 27001 certified?	Not currently; document the current posture honestly.
How do users authenticate?	Identity Overview
How are decisions audited?	Audit Logging
How do approvals work?	HITL Approval Gates
Which tier is needed for the pilot?	Community vs Evaluation vs Enterprise

Recommended Review Packet

Prepare a short packet with:

1. Target deployment mode and data boundary.
2. The runtime surface you plan to use: SDK mode, WCP, MAP, MCP governance, or Decision Mode.
3. The policy families you will enable first.
4. The audit evidence you will show reviewers.
5. The approval workflow, if the use case needs HITL.
6. The current certification statement: no SOC 2 or ISO 27001 yet.
7. The tier path: Community, Evaluation, Enterprise, or Design Partner.

This does not need to be a long document. It needs to be specific enough that procurement, security, and engineering are reviewing the same architecture.

Evaluation vs Design Partner

Use the Evaluation License when your team can self-serve a serious pilot and mainly needs higher limits, approvals, simulation, and evidence workflows.

Use the Design Partner Program when the rollout itself needs hands-on architecture support, enterprise feature access, or a joint path through security, procurement, and production adoption.

Signals That Enterprise Review Is Real

Enterprise review is usually warranted when:

• more than one team will depend on the same AxonFlow deployment
• SSO, SCIM, or portal role management is required
• a compliance team wants structured exports or retention evidence
• a workflow pauses for human approval in a production-like path
• provider, connector, or policy changes need formal operational ownership

If those signals are present, do not treat procurement as a late paperwork step. Treat it as part of the rollout design.

Related Docs

• Security Control Matrix
• Enterprise Rollout Checklist
• When Community Stops Being Enough
• Evaluation Rollout Guide
• Community To Enterprise Migration