TrustedAIGov
Login Register
Home / Enterprise Security
ENTERPRISE SECURITY

Security your reviewers can actually verify.

Every control below is stated honestly for CISO, security architecture and procurement review — what's built and active today, what's available to enable, what's on the roadmap with a named dependency, and what only an independent auditor can attest. We never claim a certification or integration outside our control.

Request a security review → Visit the Trust Center
SECURITY POSTURE 38 CONTROLS
Built & active / available to enable
29
Roadmapped · named dependency
6
Requires an independent auditor
3
Every claim points to a module or test in the codebase SEC-1
IMPLEMENTED

Built and active in the platform today; evidence in-repo.

AVAILABLE

Built and available to enable per tenant; not forced on by default.

PLANNED

On the committed roadmap; the genuine dependency is named; not yet built.

EXTERNAL AUDIT

Requires an independent auditor or the customer's own system — never self-asserted.

CONTROLS BY DOMAIN

Ten domains. Nothing hidden.

WHAT WE DO NOT CLAIM

The honest part — because your auditors will check.

Overstating security is the fastest way to fail a review. So we state plainly what is not true today, and name the dependency that gates each one.

We are not SOC 2, ISO 27001, or ISO 42001 certified today. Those require an accredited external auditor (tracked as SEC-7 / SEC-8).
We have not completed an independent penetration test (SEC-6).
Enterprise SSO / SCIM is not yet live — it depends on each customer's identity provider (SEC-2).
Encryption at rest and SIEM export depend on production infrastructure and your SIEM respectively (SEC-4 / SEC-5).
Durable /app data persistence is not yet production-verified. WP-PERSIST-1 is approved and scheduled; today's /app/Invariant/data persistence is not proven in production.
MFA is not yet enforced at login. The TOTP engine and enrollment lifecycle are built; login-time enforcement is on the roadmap (SEC-2b).
FOR SECURITY & PROCUREMENT TEAMS

Bring your questionnaire. We'll answer it straight.

Request our security documentation and a walkthrough of the controls above — evidence-backed, no marketing gloss.

Request a security review → Trust Center