Security Architecture

Enterprise-grade security controls designed for regulated industries and compliance requirements

Tenancy Architecture

Trostum supports multi-tenant, single-tenant, and hybrid architectures. Tenant isolation is enforced at the application, data, and evidence layers.

External User Access

External parties access Trostum via OTP-based authentication with short-lived sessions. No permanent external accounts are created.

Audit & Compliance

Trostum maintains append-only, hash-chained audit logs, time-boxed auditor access, and signed evidence exports.

AI Usage & Governance

Yes, Trostum uses AI. AI is assistive only and cannot:

  • Approve changes
  • Send disclosures
  • Modify audit logs

Humans remain authoritative.

Bring Your Own Model (BYOM)

Enterprise customers can use their own AI models with strict guardrails.

Compliance Frameworks

Trostum is designed to support compliance with the following frameworks:

  • SOC 2
  • ISO 27001
  • DORA
  • GDPR
  • CCPA
  • HIPAA
  • PCI DSS
  • Custom frameworks
