SecurityPassport
Request access
FAQ

Security FAQ

Answers for security reviewers evaluating SecurityPassport tenant isolation, access controls, auditability, integrations, vulnerability disclosure, and governance security.

ContactSecurity architecture
Isolation
Tenant-aware workspace boundaries.
Auditability
Logs, lifecycle history, and execution records.
Governance
AI, integration, and runtime governance support.
Trust

Security review context for enterprise buyers.

Tenant isolation
Role-aware access
Audit logs
Integration security
Disclosure policy
AI governance
Legal

Security FAQ

Security FAQ

SecurityPassport

Last updated: June 3, 2026

How is tenant data isolated?

SecurityPassport is designed around tenant-aware workspaces. Customer data, governance records, integrations, evidence, audit history, and platform operations are separated by tenant context.

How is access controlled?

SecurityPassport uses role-aware access controls, workspace membership, administrator-managed permissions, authentication controls, and audit logging to support secure access.

Does SecurityPassport support MFA?

SecurityPassport supports authentication security controls and may enforce MFA-related policies depending on configuration and enabled identity workflows.

How is customer data protected?

SecurityPassport uses technical and organizational safeguards such as encrypted network communication, role-aware access, audit logging, infrastructure monitoring, restricted operational access, and secure engineering practices.

Is data encrypted?

SecurityPassport is designed to use encrypted communications in transit. Storage and infrastructure controls depend on the deployment model, enabled providers, and enterprise configuration.

How are audit logs handled?

SecurityPassport preserves operational and governance history through audit logs, workflow records, evidence lifecycle metadata, export traceability, execution records, and event streams.

How are integrations secured?

Integrations are managed through provider-specific configuration, credential handling, provider health checks, execution controls, and auditability workflows.

How are vulnerabilities reported?

Potential vulnerabilities should be reported responsibly to:

hello@securitypassport.com

Reports should include a description, reproduction steps, affected systems or URLs, potential impact, and proof-of-concept information when available.

Do you permit security testing?

Unauthorized scanning, denial-of-service testing, exploitation, or access to other customer data is prohibited.

Responsible testing should follow the Security Disclosure Policy and be limited to authorized accounts and data.

Do you provide security documentation for procurement?

Yes. Security, privacy, legal, DPA, subprocessor, disclosure, and governance materials are available through public documentation and may be expanded during enterprise procurement review.

Does SecurityPassport support AI governance security?

Yes. SecurityPassport includes AI governance support for AI provider records, AI risk signals, human oversight workflows, policy controls, evidence traceability, and executive visibility.

Who should security teams contact?

Security and procurement questions may be sent to:

hello@securitypassport.com

Next step

Need security review support?

Contact SecurityPassport for security, privacy, governance, or procurement documentation.

ContactResponsible governance