quaex

Asuru Security & Policy Charter

Asuru enforces a zero-tolerance posture across people, process and technology. The following policies apply to every tenant, workspace and engine.

Privileged access

Multi-factor authentication (MFA) is mandatory for any role with elevated privileges.
Break-glass access requires dual approvals, is time-bound and generates immutable audit events.
Privileged sessions are recorded and monitored in real time. Session anomalies trigger incident workflows automatically.

Data protection

All datasets registered through the Data & Analytics Engine are encrypted using AES-256 with envelope keys.
Retention windows are declared explicitly. Asuru enforces deletion workflows aligned to contractual and regulatory mandates.
Data in transit leverages TLS 1.3 with modern cipher suites. Internal OT/IT segmentation is mandatory for SCADA workloads.

Change management

Any change affecting production workloads must originate from the Rules & Policy Engine or approved workflow automation.
Changes are linked to auditable tickets and CAPA evidence. Automated checks validate segregation-of-duty constraints.

Incident response

Level 1 (automation teams) targets MTTA ≤ 15 minutes and runs initial remediation.
Level 2 (plant command) coordinates operational containment within 30 minutes.
Level 3 (executive/legal) manages regulatory notifications, customer communication and forensic capture.

Supplier and partner controls

All integrations must be registered through the Integration Engine with sandbox testing prior to production enablement.
Vendor onboarding requires validated KYC artefacts and policy acknowledgement captured in the Policy Center.

Continuous review

Policies are reviewed quarterly by the governance council and updated in the Policy Center.
Compliance evidence (certificates, CAPA logs, audit reports) is stored immutably and surfaced in the Quality & Compliance Engine.

Adhering to this charter ensures Asuru deployments remain secure, compliant and trusted across industrial ecosystems.