Security & trust

The platform your regulator would design if they built one.

QUANTRA's controls are not a marketing surface — they're schema invariants, DB policies and hard architectural boundaries. This page is maintained by BWE and describes the platform's current posture.

Row-level security

Every public-schema table has RLS enabled. Access is scoped via can_access_engagement and is_bwe_staff helpers — never via app-layer filters. Verified by an automated cross-org test.

India-region data residency

All engagement data (assets, findings, reports) resides in Indian regions. Storage buckets for reports are private and engagement-scoped.

MFA + role scoping

TOTP MFA is mandatory for all human users. Roles: bwe_admin, bwe_analyst, client_owner, client_read — stored in a dedicated user_roles table checked by a security-definer function.

Immutable audit trail

Every intake, scoring pass, finding approval and report delivery is timestamped. Delivered reports carry an immutable input_hash bound to the exact assets and findings at delivery time.

Human-in-the-loop enforced in Postgres

A Postgres CHECK constraint refuses to persist a finding into a report unless a named human approver has signed off. Not a policy — a schema invariant.

Zero inbound access

QUANTRA never receives inbound access to client infrastructure. Discovery is via uploads and public Certificate Transparency logs. No agents, no VPNs, no client-side scans.

Shared responsibility

BWE operates the QUANTRA platform, delivers audits, and maintains the scoring tables. Client organisations own their inventory data, approve findings, and retain the final reports. This page describes current platform controls; it does not represent independent certification.

Have a security question?

Reach the BWE partner team directly.

Contact us