Trust Center
Control mapping for security, reliability tests, and incident response commitments. Updated 2026-03-10T22:15:00Z
Controls Map
| Control | Coverage | Evidence | Owner |
|---|---|---|---|
| API request signing + nonce replay protection | Partner endpoints | Evidence | platform |
| Public system status + incident feed | All public uptime checks | Evidence | ops |
| Tamper-evident critical export manifest | Audit/status evidence bundles | Evidence | security |
| Backup encryption + restore drill readiness | Operational recovery controls | Evidence | ops |
Test Commitments
- Smoke test cadence: Run endpoint smoke checks daily and on release preflight.
- OpenAPI contract checks: Validate generated specs/changelog before docs publish.
- Backup restore drill: Execute restore drill job on scheduled cadence with evidence artifact.
Incident Response Commitments
- Initial acknowledgement: Critical incidents acknowledged immediately by on-call owner.
- Public status updates: Status page incidents include active/resolved timeline entries.
- Post-incident evidence: Attach signed manifest/checksum evidence for critical exports.
Trust Score Trend
Current score: 88.0 • trend flat • 30d window
Composite score combines uptime, anomaly posture, and release quality telemetry.