Security

Systems and Data Integrity — Specification v2.0.3

Purpose

This page describes the categories of technical safeguards applied to data at rest, in transit, and during processing within the system. Specific encryption standards, key management procedures, and compliance certifications applicable to a given engagement are defined in the applicable engagement agreement and data processing addendum.

Data Protection

  • Encryption at Rest. All persistent data is encrypted at rest using industry-standard symmetric encryption. Encryption keys are managed through a dedicated key management service with automatic rotation. Data and keys are stored in separate security domains.
  • Encryption in Transit. All data transmitted between clients and the system, and between internal system components, is encrypted using TLS. The system does not support unencrypted connections. Certificate management is automated with short-lived certificates.
  • Cryptographic Integrity. Sealed records, frozen record manifests, and closure certificates are protected by cryptographic hashing. Hash values are computed at the time of sealing and can be independently recomputed and compared by any party holding the artifact and its recorded hash. Any modification to a sealed artifact changes its hash and is therefore detectable.

Access Control

  • Authentication. All system access requires authenticated sessions. The system supports institutional identity providers through standard federation protocols. Session tokens are short-lived with automatic expiration.
  • Authorization. Every operation is subject to role-based authorization checks. Authorization is evaluated at the engagement level — an authenticated session does not imply authorization for any specific operation. Authorization failures are logged and do not disclose the reason for denial beyond the failed permission.
  • Engagement Isolation. Data belonging to one engagement is not accessible from another engagement, regardless of the actor's role. Isolation is enforced at the data layer, not solely at the application layer. Cross-engagement data access is architecturally prevented.

Audit and Monitoring

  • Governance Event Logging. All state transitions, authorization decisions, material operations, and administrative actions are recorded as immutable governance events. Events are append-only and cannot be modified or deleted by any actor, including platform operators.
  • Access Logging. Authentication events, session creation, and access denial events are logged independently of governance events. Access logs are retained in accordance with the applicable retention schedule.
  • Tamper Detection. The system is designed to detect unauthorized modification of sealed records through hash comparison. Tamper detection is passive: integrity is established by recomputing a sealed record's hash and comparing it with the value recorded at sealing, so verification can be performed at any time and does not require the system's cooperation.
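The sealing and verification flow described under Cryptographic Integrity and Tamper Detection, shown as an added example. This is not the specification's own code: the record layout, the canonical JSON encoding, the SHA-256 choice and the function names are assumptions, and the sample records are constructed. It covers the two cases a verifier must distinguish: a record edited after sealing while the manifest is left alone, and a record edited and then re-sealed so that artifact and co-located manifest agree.

```python
"""Sealing and offline verification of a frozen record manifest (SHA-256).

Added example, not part of the specification. Record fields, canonical
encoding and function names are assumptions made for illustration.
"""
import hashlib
import hmac
import json


def canonical_bytes(obj) -> bytes:
    """Serialize a JSON-compatible object deterministically.

    Independent verification only works if every party encodes a record
    byte-for-byte identically: sorted keys, no insignificant whitespace, UTF-8.
    """
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def seal_records(records: list[dict]) -> dict:
    """Compute a digest per record and a manifest digest over all of them.

    The returned manifest["manifest_sha256"] is the reference value and must
    be recorded somewhere the artifact's custodian cannot rewrite (a closure
    certificate, a receipt, an out-of-band register). A digest stored only
    beside the artifact proves nothing: whoever can alter the artifact can
    also recompute the digest.
    """
    entries = [{"id": r["id"], "sha256": sha256_hex(canonical_bytes(r))}
               for r in records]
    entries.sort(key=lambda e: e["id"])
    manifest_digest = sha256_hex(canonical_bytes({"entries": entries}))
    return {"entries": entries, "manifest_sha256": manifest_digest}


def verify_records(records: list[dict], manifest: dict,
                   reference_manifest_sha256: str) -> tuple[bool, list[str]]:
    """Recompute every digest offline and report each mismatch found.

    `reference_manifest_sha256` is the value the verifier obtained
    independently at sealing time; the manifest handed over with the artifact
    is only trusted if it still hashes to that reference.
    """
    problems: list[str] = []
    expected = {e["id"]: e["sha256"] for e in manifest["entries"]}
    seen = set()
    for r in records:
        seen.add(r["id"])
        actual = sha256_hex(canonical_bytes(r))
        ref = expected.get(r["id"])
        if ref is None:
            problems.append(f"record {r['id']} not in manifest")
        elif not hmac.compare_digest(actual, ref):  # constant-time compare
            problems.append(f"record {r['id']} digest mismatch")
    for rid in sorted(expected.keys() - seen):
        problems.append(f"record {rid} missing from artifact set")
    recomputed = sha256_hex(canonical_bytes({"entries": manifest["entries"]}))
    if not hmac.compare_digest(recomputed, reference_manifest_sha256):
        problems.append("manifest digest mismatch against reference")
    return (not problems, problems)


# Constructed sample records for the demonstration; not real data.
SAMPLE_RECORDS = [
    {"id": "rec-001", "author": "a.user", "created": "2026-02-03T10:00:00Z",
     "body": "Interview notes, session 1."},
    {"id": "rec-002", "author": "b.user", "created": "2026-02-03T11:30:00Z",
     "body": "Exhibit list, draft."},
]


def demo() -> dict:
    """Seal the sample set, then verify it clean, edited, and edited-plus-resealed."""
    manifest = seal_records(SAMPLE_RECORDS)
    reference = manifest["manifest_sha256"]  # held by the verifier out of band
    clean_ok, _ = verify_records(SAMPLE_RECORDS, manifest, reference)

    # Case 1: a record is edited after sealing; the manifest is untouched.
    tampered = [dict(r) for r in SAMPLE_RECORDS]
    tampered[1]["body"] = "Exhibit list, final."
    edit_ok, edit_problems = verify_records(tampered, manifest, reference)

    # Case 2: the editor also re-seals, so artifact and co-located manifest
    # agree. Only the independently held reference exposes the change.
    forged = seal_records(tampered)
    reseal_ok, reseal_problems = verify_records(tampered, forged, reference)

    return {"clean": clean_ok,
            "edit": (edit_ok, edit_problems),
            "reseal": (reseal_ok, reseal_problems)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The second case is the one to internalize: a hash makes modification detectable only relative to a reference value the modifier cannot also replace, so the independently verifiable property in the text depends on where the sealing-time hash is kept. A hash also establishes that an artifact changed, not who changed it.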

Infrastructure

The system is deployed on cloud infrastructure with network-level isolation, automated patching, and redundant availability. Infrastructure configuration is managed through version-controlled templates. Changes to infrastructure are subject to the same audit trail as application-level operations.

The system does not use third-party analytics, tracking pixels, advertising technologies, or external content delivery networks for user-facing content. Fonts are self-hosted. No visitor data is transmitted to external providers during normal system operation.

Limit

This page pertains to the technical protection of data at rest, in transit, and during processing. It does not address evidentiary admissibility or retention schedules; those are specified under Discovery and Retention Policy respectively. Detailed security architecture, penetration testing results, and compliance certifications are available to institutional participants under NDA as part of the engagement process.

Specification Version 2.0.3 — Effective Date: February 2026