Trust & assurance
Security overview
This page summarizes how we think about security for Noor Insight, from evaluation consoles through production utility deployments. It is a diligence aid, not a substitute for a completed questionnaire (e.g. CAIQ), penetration test report, or customer-specific architecture review under NDA.
Identity and access
Production tenants integrate with your governed identity model. Console access uses authenticated sessions with role separation (executive, operations, field) and configurable session lifetime. Directory users are stored with salted password hashes (bcrypt); shared evaluation passwords are intended for controlled pilots only and should be removed from reachable deployments once directory authentication is live.
Data platform
Hosted data planes are designed around least-privilege database roles, encrypted transport to the application tier, and clear separation between environments (e.g. evaluation vs production). Exact residency, retention, and backup objectives are captured in your data processing agreement and infrastructure runbook.
Logging and auditability
We design workflows so significant actions can be attributed to users and systems, supporting internal governance and external audit. The depth of logging and export you require is configured per engagement, aligned to regulator and donor expectations.
Vulnerability disclosure
If you believe you have found a security issue affecting this site or an authorized deployment, contact us with a concise description and reproduction steps. We treat good-faith reports seriously and ask that you avoid disruptive testing without prior written agreement.
Procurement packages
For formal RFPs, we provide architecture diagrams, control narratives, and evidence packs under NDA as part of structured diligence, not as anonymous downloads from this marketing site.
Last updated April 2026. Material changes to our public security posture will be reflected here with an updated date.