Tenant-scoped access
Evidence workflows are designed around tenant boundaries, roles, and explicit administration controls.
Security and trust
CRA Ledger is designed around tenant-scoped records, audit activity, original artifact retention, and controlled operational diagnostics.
Trust control model
Evidence records with controlled access
Records separated
Access controlled
Activity retained
Sensitive detail masked
Trust model
Security posture is communicated through concrete controls for workspace access, evidence handling, audit activity, and operational continuity.
Evidence workflows are designed around tenant boundaries, roles, and explicit administration controls.
Admin and user workflows are separated so sensitive evidence operations can be controlled.
Actions, changes, delivery events, and review decisions are preserved as traceable activity.
Original SBOM uploads remain attached to evidence records for provenance and later review.
Operational diagnostics are designed to be useful without exposing sensitive data unnecessarily.
Webhook and notification delivery history can be reviewed as part of operational evidence.
CRA Ledger is designed for controlled pilot use with EU-hosted infrastructure, tenant-scoped workspaces, restricted access, retained evidence records, and configured backups.
Certification note: CRA Ledger is an early-stage product and does not currently claim SOC 2 or ISO 27001 certification.
EU-hosted infrastructure
Authenticated private workspaces
Tenant-scoped evidence records
Restricted access to uploaded SBOM and evidence data
Audit activity retained
Backups configured
Security contact available
Next step
Review how tenant-scoped access, audit activity, and retained evidence fit your product-security workflow.