06 / ALVETAS

Security & governance

Controls supported by the architecture.

Alvetas is designed around explicit access, accountable review, inspectable lineage and bounded deployment. Security claims are limited to principles and implemented architecture—not unverified certifications.

No SOC 2, ISO 27001 or other certification status is claimed on this site.

  • ACCESSScoped
  • REVIEWSeparated
  • LINEAGEInspectable
01Security principles

Governance belongs inside the workflow.

Controls are most useful when they shape how research objects are created, reviewed, approved and distributed.

ControlArchitectural intentAssurance boundary
CTL-01

Access control

Support scoped access by organization, workspace, object class and workflow role.

SCOPE REQUIRED
CTL-02

Separation of duties

Keep authoring, review, approval, administration and distribution responsibilities distinct.

SCOPE REQUIRED
CTL-03

Audit trails

Record material state changes, evidence links, versions, reviewers and distribution decisions.

SCOPE REQUIRED
CTL-04

Encryption principles

Protect data in transit and at rest using contemporary platform controls appropriate to the deployment.

SCOPE REQUIRED
CTL-05

Deployment boundaries

Define where data is processed, which integrations are enabled and how environments are separated.

SCOPE REQUIRED
CTL-06

Data classification

Distinguish public, licensed, internal, restricted and sensitive institutional context.

SCOPE REQUIRED
CTL-07

Retention controls

Support policy-led retention and deletion expectations at the applicable object and environment level.

SCOPE REQUIRED
CTL-08

Review states

Prevent draft or unresolved material from appearing indistinguishable from approved institutional output.

SCOPE REQUIRED
CTL-09

Incident contact

Provide a direct path for suspected security issues and coordinate response with accountable stakeholders.

SCOPE REQUIRED

Control model

Boundaries from source intake to approved output.

Deployment-specific controls are scoped during implementation. The logical model keeps acquisition, research work, review responsibility and delivery distinguishable.

01

Source and rights boundary

Connectors, provider entitlements and internal data scopes remain explicit.

02

Workspace boundary

Research objects and users operate within defined institutional scopes.

03

Review boundary

Draft, challenged, approved and restricted states are not collapsed.

04

Distribution boundary

Approved channels and consumers are separated from open work-in-progress.

03Responsible deployment

Security posture is defined with the institution, not assumed.

Deployment conversations cover data classes, source rights, identities, environment boundaries, retention, review responsibility and incident coordination.

Identity & access

Determine identity provider, role model, privileged access and offboarding requirements.

Data handling

Classify inputs and outputs; agree processing, storage, retention and deletion boundaries.

Environment

Define regional, network, integration and separation requirements for the intended deployment.

Operations

Assign owners for access reviews, control changes, incidents and recovery decisions.

Assurance

Document the controls and evidence available for the scoped architecture; do not imply certifications not independently obtained.

Security contact

Report a suspected security issue directly.

For suspected vulnerabilities, misuse or incidents involving Alvetas, contact inquiries@alvetas.com

What to include

Provide a concise description, affected surface, reproduction details where safe, observed time and a secure way to coordinate. Do not include unnecessary personal, licensed or confidential data in the initial message.

Responsible handling

Alvetas will acknowledge and triage reports according to the available operational process. This statement does not make a specific response-time or certification commitment.

Security review

Discuss access, deployment and governance boundaries for your environment.

Bring the relevant data classes, identity model, environment constraints, review roles and assurance questions for a scoped review.

Request access