Security
High-level security posture for ORBAT customer and procurement review.
ORBAT is designed as a reviewable supplier-intelligence platform for security, risk, compliance, procurement, and incident-response teams.
Security principles
ORBAT's security posture is built around practical controls that reduce exposure without turning the public trust page into an implementation manual.
- Tenant-separated workspaces and access boundaries
- Authenticated access to customer workspaces
- Role-based access controls for user permissions
- Encrypted data in transit and at rest where supported by the hosting layer
- Private internal access paths for data services
- Reviewable audit history for key user and system actions
- Secure software delivery checks before release
Application access
Application access is authenticated, and authorization is evaluated against the user's tenant and role. Customer workspaces are designed so that users access only the data and workflows they are permitted to use.
Tenant data separation
Tenant-scoped records are separated using application-level authorization and database-level safeguards. ORBAT avoids exposing implementation details publicly, but the intended outcome is simple: one customer's supplier data should not be accessible to another customer.
Data protection
ORBAT applies layered controls across the application and infrastructure, including encrypted transport, managed data services, private service access where practical, and restricted operational access.
Auditability
ORBAT maintains reviewable history for important actions such as authentication events, supplier data changes, crawl activity, and review workflows. Audit history helps teams understand what happened, when it happened, and which workflow or user initiated it.
Secure development
ORBAT uses automated checks during the software delivery process to help identify secrets, vulnerable dependencies, and common application security issues before release.
Incident response
ORBAT maintains an internal incident response process covering triage, severity classification, escalation, investigation, customer communication, and post-incident review.
For security concerns, contact security@orbathq.com.
Procurement review
Additional security documentation can be requested during procurement or enterprise review. Some detailed documentation may require an NDA.
*Last reviewed: April 2026.*