Security and trust

Built for evidence integrity and controlled access.

CRA Ledger is designed around tenant-scoped records, audit activity, original artifact retention, and controlled operational diagnostics.

Trust control model

Evidence records with controlled access

Tenant scope

Records separated

RBAC

Access controlled

Audit logs

Activity retained

Diagnostics

Sensitive detail masked

Controlled pilot access with retained evidence records.

Trust model

Controls for trusted evidence workflows.

Security posture is communicated through concrete controls for workspace access, evidence handling, audit activity, and operational continuity.

Tenant-scoped access

Evidence workflows are designed around tenant boundaries, roles, and explicit administration controls.

Role-based access

Admin and user workflows are separated so sensitive evidence operations can be controlled.

Audit logs

Actions, changes, delivery events, and review decisions are preserved as traceable activity.

Original upload retention

Original SBOM uploads remain attached to evidence records for provenance and later review.

Masked diagnostics

Operational diagnostics are designed to be useful without exposing sensitive data unnecessarily.

Delivery records

Webhook and notification delivery history can be reviewed as part of operational evidence.

Operational security posture

CRA Ledger is designed for controlled pilot use with EU-hosted infrastructure, tenant-scoped workspaces, restricted access, retained evidence records, and configured backups.

Certification note: CRA Ledger is an early-stage product and does not currently claim SOC 2 or ISO 27001 certification.

EU-hosted infrastructure

Authenticated private workspaces

Tenant-scoped evidence records

Restricted access to uploaded SBOM and evidence data

Audit activity retained

Backups configured

Security contact available

Next step

Start with one product line.

Review how tenant-scoped access, audit activity, and retained evidence fit your product-security workflow.