Evidence-backed only

Trust and Security

Detailed In Design LLC - SolaceSentry

This page describes SolaceSentry's current implemented controls, audit-readiness work, and requestable documents. It does not claim any certification, attestation, or completed conformity assessment unless the signed evidence is available.

Last updated: March 10, 2026

1. Overview

Current posture

SolaceSentry maintains implemented security controls for authentication, audit logging, retention logic, encryption, and model release management.

No public certification claims

We do not currently claim ISO/IEC 27001 certification, a SOC 2 report, a formal NIST authorization package, or a completed EU AI Act conformity package.

Framework tracking

Internal controls are being mapped to NIST SP 800-53B Moderate, ISO/IEC 27001:2022, SOC 2, OWASP ASVS, NIST AI RMF, and the EU AI Act.

Contract support

A BAA may be available for qualifying Enterprise Security customers, and a DPA can be requested for any tier where contract review approves the use case.

2. Implemented Controls

Identity and access

Role-based access, session management, and privileged-access governance are in scope. SSO and MFA enforcement are being formalized as program requirements for all privileged interactive users.

Logging and retention

Structured audit events, retention classes, and evidence references are part of the platform control model. Customer-specific retention commitments are contract-backed, not assumed from marketing copy.

Encryption and isolation

Encryption in transit and at rest, tenant isolation controls, and environment separation are part of the implementation baseline. Provider-managed controls are reviewed through the vendor program.

Secure SDLC

Releases are moving under a blocking CI policy that includes tests, linting, secret scanning, dependency audit, Trivy scanning, SBOM generation, and provenance artifacts.

Model release controls

Model artifacts carry additive release metadata for intended use, risk classification, data sources, evaluation references, approval status, approver, release date, and rollback target.

3. Audit Readiness

Implemented now

  • Policy and control matrix in repository
  • Structured audit logging
  • Artifact promotion workflow
  • Public claims limited to current evidence

In progress

  • SOC 2 and ISO readiness evidence consolidation
  • NIST SP 800-53B Moderate cross-mapping
  • EU AI Act technical documentation and monitoring package
  • External penetration test scheduling

Not currently claimed

  • ISO/IEC 27001 certification
  • SOC 2 Type I or Type II report
  • Formal NIST authorization package
  • Completed EU AI Act conformity package

4. AI Governance

Intended use and misuse boundaries

SolaceSentry is positioned as decision support for high-assurance workflows. It is not represented as an autonomous final decision-maker for regulated use cases.

Human oversight

High-risk deployments require named operator review, evidence references, and escalation paths for low-confidence, drift, or incident conditions.

Monitoring and incidents

AI-specific incidents, prompt-injection failures, drift events, and release rollbacks are tracked as governed operational events with dedicated procedures.

5. Documents and Requests

Public documents

  • Privacy Policy: Current data-handling notice
  • Terms of Service: Tier terms and customer responsibilities

Available on request

  • Business Associate Agreement for qualifying Enterprise Security use cases
  • Data Processing Agreement
  • Security questionnaire response pack
  • Vendor and subprocessor summary
  • Evidence-backed trust clarifications for customer review

For security, privacy, audit-readiness, or contract questions:

support@solacesentry.com

This page reflects the repo-backed control program in `docs/compliance/` and is intentionally limited to claims that can be supported by current evidence.