
Security & trust
The platform your regulator would design if they built one.
QUANTRA's controls are not a marketing surface — they're schema invariants, DB policies and hard architectural boundaries. This page is maintained by BWE and describes the platform's current posture.
Row-level security
Every public-schema table has RLS enabled. Access is scoped via can_access_engagement and is_bwe_staff helpers — never via app-layer filters. Verified by an automated cross-org test.
India-region data residency
All engagement data (assets, findings, reports) resides in Indian regions. Storage buckets for reports are private and engagement-scoped.
MFA + role scoping
TOTP MFA is mandatory for all human users. Roles: bwe_admin, bwe_analyst, client_owner, client_read — stored in a dedicated user_roles table checked by a security-definer function.
Immutable audit trail
Every intake, scoring pass, finding approval and report delivery is timestamped. Delivered reports carry an immutable input_hash bound to the exact assets and findings at delivery time.
Human-in-the-loop enforced in Postgres
A Postgres CHECK constraint refuses to persist a finding into a report unless a named human approver has signed off. Not a policy — a schema invariant.
Zero inbound access
QUANTRA never receives inbound access to client infrastructure. Discovery is via uploads and public Certificate Transparency logs. No agents, no VPNs, no client-side scans.
Shared responsibility
BWE operates the QUANTRA platform, delivers audits, and maintains the scoring tables. Client organisations own their inventory data, approve findings, and retain the final reports. This page describes current platform controls; it does not represent independent certification.
