Trust Center

Enterprise Trust Center for Faster Security Reviews

Controlled visibility into live compliance posture, evidence integrity, encryption, SSO, data residency, and procurement artifacts for enterprise buyers.

Procurement Snapshot

Core trust answers available in the first render

This static layer exposes the answers enterprise buyers usually ask first, while the interactive trust center still handles the deeper walkthrough below.

Identity and access controls

Enterprise sign-on, MFA enforcement, and accountable approval histories are part of the buying conversation, not an afterthought.

  • SAML 2.0 SSO
  • MFA enforcement
  • Role-aware access reviews

Data handling and residency posture

Buyers can inspect how evidence, exports, and regulated data move through the system before they request a full vendor packet.

  • Encrypted storage paths
  • Residency posture visibility
  • Documented retention controls

Evidence integrity and auditability

The trust story is strongest when the platform shows exactly how approvals, artifacts, and exports stay connected in one defensible chain.

  • Immutable audit trail
  • Export-ready evidence bundles
  • Procurement artifact workflow

8 framework packs shipping today · AU regulatory coverage in templates & policy library

  • NDIS Practice Standards
  • Aged Care Quality Standards
  • NSQHS Standards
  • AHPRA
  • ASIC s912A
  • APRA CPS 230
  • AUSTRAC AML/CTF
  • ACECQA NQF
  • WHS Act
  • SafeWork Australia
  • ISO 27001
  • SOC 2
  • GDPR
  • NIST CSF
  • PCI DSS
  • HIPAA
  • CIS Controls
  • ISO 9001

Cryptographic audit chain

Verifiable, not just “we have logs”

FormaOS's audit log isn't a trust-us assertion. Every row is HMAC-chained to the previous one, the chain top is anchored daily to a Linux Foundation transparency log, and the database itself denies mutation. The proof a buyer or auditor needs is in code paths checked into our repo, not in a marketing page.

R3 · audit_log

HMAC-chained rows

Each row carries a sequence number and an HMAC-SHA256 signature linking it to the previous row. A nightly cron re-walks the chain end-to-end; any drift is surfaced as a chain-integrity break before the next audit, not during it.
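The chaining and re-walk described above, as an added illustration that is not FormaOS's code: the row layout, the canonical JSON covered by the MAC, the genesis value and the in-memory key are all assumptions made for this example.

```python
import hmac
import hashlib
import json

# Constructed example of an HMAC-SHA256 chained audit log. Row layout,
# canonicalisation and key handling are assumptions, not the product's code.
KEY = b"example-audit-chain-key"  # constructed; a deployment would load this from a KMS
GENESIS = "0" * 64                # stand-in "previous MAC" for the first row


def _canonical(seq: int, prev_mac: str, payload: dict) -> bytes:
    """Deterministic bytes covered by the MAC: sequence, previous MAC, payload."""
    return json.dumps({"seq": seq, "prev": prev_mac, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def append_row(chain: list, payload: dict, key: bytes = KEY) -> dict:
    """Append a row whose MAC binds it to its sequence number and the previous row's MAC."""
    seq = len(chain) + 1
    prev_mac = chain[-1]["mac"] if chain else GENESIS
    mac = hmac.new(key, _canonical(seq, prev_mac, payload), hashlib.sha256).hexdigest()
    row = {"seq": seq, "prev": prev_mac, "payload": payload, "mac": mac}
    chain.append(row)
    return row


def verify_chain(chain: list, key: bytes = KEY) -> tuple:
    """Re-walk the chain end to end, as the nightly job does.

    Returns (True, None) when intact, otherwise (False, seq) naming the first
    row where the chain breaks: bad MAC, gap in sequence, or wrong prev link.
    """
    expected_prev = GENESIS
    for i, row in enumerate(chain, start=1):
        if row["seq"] != i or row["prev"] != expected_prev:
            return False, row["seq"]
        expected = hmac.new(key, _canonical(row["seq"], row["prev"], row["payload"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, row["mac"]):
            return False, row["seq"]
        expected_prev = row["mac"]
    return True, None


def tamper_demo() -> tuple:
    """Build a three-row chain, edit row 2 in place, return (before, after) results."""
    chain = []
    for action in ("approval.created", "evidence.uploaded", "export.generated"):
        append_row(chain, {"action": action, "actor": "user-42"})  # constructed events
    before = verify_chain(chain)
    chain[1]["payload"]["actor"] = "user-99"  # simulated after-the-fact edit of row 2
    return before, verify_chain(chain)
```

A re-walk like this catches edits, reordering and deleted interior rows, but not silent truncation of the newest rows; that gap is what the daily external anchoring of the chain top, described in the next section, closes.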

R4 · sigstore rekor

External anchor at 05:30 UTC

Daily, each org's chain top is submitted to Sigstore Rekor, the Linux Foundation transparency log used for signed open-source releases. The submission is an RFC 6962-style Merkle entry. An auditor can verify the timestamp of any event without trusting FormaOS, because the proof goes through Linux Foundation infrastructure.

postgres · rls

Append-only at the database

A BEFORE UPDATE OR DELETE trigger rejects any mutation of audit rows, backed by restrictive RLS deny policies. A platform admin with service-role credentials (which bypass RLS) is still stopped by the trigger. The rule is enforced by Postgres, not by application code, so an app-level bypass is not a vector.