Security
Security controls
Practical controls and patterns for controlled quantitative workflows.
Encryption
Encrypt data in transit (TLS) and at rest. Support customer-managed keys where required.
Access controls
Entra ID / RBAC roles for datasets, runs, approvals, and exports. Least-privilege by default.
Audit trail
Every run, artifact, and approval is logged with immutable IDs for downstream compliance reporting.
Network isolation
Private networking patterns (VNet, private endpoints) for regulated deployments.
Audit events (example)
A minimal JSON record style used for run/approval traceability.
json
{
"event": "approval.granted",
"runId": "run_8f1...",
"actor": "user@firm.com",
"timestamp": "2026-02-25T12:41:09Z",
"artifactIds": ["art_12a..."],
"policy": { "mode": "audited", "reason": "client export" }
}