Security Model

This page separates ARQEN's current demo/local security boundary from the production controls required before live regulated operation. It is not a production security claim.

Current pilot boundary

ARQEN currently operates as a demo/local, pilot-ready prototype of a Quality Operating System. Production writes, production auth, tenant isolation, controlled evidence storage, immutable audit, e-signature, certified reporting, final controlled-copy release, and durable cross-module links remain blocked.

Demo/local sessions are not production auth.
Tenant isolation for production records is unavailable.
Server-side authorization for operating workflow writes is unavailable.
Evidence references are metadata only, not controlled evidence storage.
Audit context is local/source-basis only, not immutable or tamper-evident audit.
E-signature and final controlled-copy release are unavailable.

Production go/no-go gates

Future production access and production write routes must fail closed, returning a blocked response rather than falling through to demo/local behaviour, until every gate below is implemented and verified.

Production auth provider and verified actor identity.
Tenant membership, workspace scope, roles, and permission policy.
Server-side authorization middleware on every production route.
Durable persistence, migration validation, and backup/recovery posture.
Controlled evidence storage with access control, retention, and checksums.
Audit-event persistence before any immutable/tamper-evident audit claim.
SOC 2 readiness evidence collection before any public SOC 2 report claim.

Blocked API guard contracts

The read-only guard endpoints /api/production-write/guard and /api/production-access/guard return structured blocked responses for future production-bound route shapes. They do not authenticate users, isolate tenants, authorize server-side roles, mutate records, persist audit events, or enable production operation.
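The fail-closed rule in the go/no-go gates section and the read-only guard contract above can be expressed as a small gate check. The following is an added example written for this page, not ARQEN's own code: the gate identifiers, the response body shape, the `load_statuses` callable and the sample gate states are all assumptions. It shows the three properties a practitioner would check for: a gate that is implemented but not yet verified still blocks, a gate missing from the status table still blocks, and a failure to read gate state at all is itself a blocked outcome rather than a pass.

```python
"""Fail-closed production gate check (added example, not ARQEN code)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Mapping, Tuple

# Runtime-checkable gates from the go/no-go list. Identifiers are assumed
# for this example; the page does not name ARQEN's own gate identifiers.
PRODUCTION_GATES: Tuple[str, ...] = (
    "auth_provider",         # production auth provider, verified actor identity
    "tenant_policy",         # tenant membership, workspace scope, roles, permissions
    "server_authorization",  # server-side authorization on every production route
    "durable_persistence",   # durable persistence, migration validation, backup/recovery
    "evidence_storage",      # controlled evidence storage: ACL, retention, checksums
    "audit_persistence",     # audit-event persistence before any immutability claim
)


@dataclass(frozen=True)
class GateStatus:
    implemented: bool
    verified: bool


Response = Tuple[int, dict]  # (HTTP status, JSON-serialisable body)


def unmet_gates(statuses: Mapping[str, GateStatus]) -> List[str]:
    """A gate passes only when implemented AND verified. A gate absent from
    the status table counts as unmet, so a partial table cannot open a route."""
    return [
        g for g in PRODUCTION_GATES
        if not (g in statuses and statuses[g].implemented and statuses[g].verified)
    ]


def blocked(route: str, method: str, reason: str, gates: List[str]) -> Response:
    """Structured blocked response. The body shape is this example's assumption;
    it reports state only and never mutates records or persists audit events."""
    return 403, {"blocked": True, "route": route, "method": method,
                 "reason": reason, "unmet_gates": gates}


def production_guard(route: str, method: str,
                     load_statuses: Callable[[], Mapping[str, GateStatus]]) -> Response:
    """Read-only guard for a production-bound route shape. Any failure to read
    gate state is also a blocked outcome: the guard cannot fail open. Even with
    every gate met it only reports; enabling the route is a separate change."""
    try:
        gates = unmet_gates(load_statuses())
    except Exception as exc:
        return 503, {"blocked": True, "route": route, "method": method,
                     "reason": "gate_state_unavailable", "detail": type(exc).__name__}
    if gates:
        return blocked(route, method, "production_gates_unmet", gates)
    return blocked(route, method, "production_route_not_enabled", [])


def gate_production_write(handler: Callable[[dict], Response],
                          load_statuses: Callable[[], Mapping[str, GateStatus]]
                          ) -> Callable[[dict], Response]:
    """Middleware for a future production write route: the handler runs only
    when every gate is implemented and verified; otherwise the request is
    rejected before any handler code executes."""
    def wrapped(request: dict) -> Response:
        route = request.get("route", "?")
        method = request.get("method", "?")
        try:
            gates = unmet_gates(load_statuses())
        except Exception as exc:
            return 503, {"blocked": True, "route": route, "method": method,
                         "reason": "gate_state_unavailable", "detail": type(exc).__name__}
        if gates:
            return blocked(route, method, "production_gates_unmet", gates)
        return handler(request)
    return wrapped


# Constructed sample states for a demo run (not real ARQEN gate data).
PILOT_STATE: Dict[str, GateStatus] = {}  # demo/local pilot: nothing implemented
ALMOST_READY: Dict[str, GateStatus] = {g: GateStatus(True, True) for g in PRODUCTION_GATES}
ALMOST_READY["audit_persistence"] = GateStatus(implemented=True, verified=False)

if __name__ == "__main__":
    print(production_guard("/api/records", "POST", lambda: PILOT_STATE))
    print(production_guard("/api/records", "POST", lambda: ALMOST_READY))
```

The middleware wrapper is the shape that "server-side authorization middleware on every production route" implies: the gate check sits in front of the handler, so a route with no check registered is not reachable at all rather than reachable with demo behaviour. The guard endpoint reuses the same `unmet_gates` evaluation so that what it reports and what the middleware enforces cannot drift apart.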

SOC 2 readiness path

ARQEN must collect operating evidence and complete independent auditor review before any SOC 2 report or certification language appears in public or customer-facing material. The readiness path is organized around Security, Availability, Processing Integrity, Confidentiality, and Privacy trust categories, but no SOC 2 report is claimed here.

Security: production auth, access reviews, tenant isolation, server authorization, change management, incident response, monitoring, and vendor-risk evidence.
Availability: backup/restore evidence, business-continuity objectives, monitoring, and production environment validation.
Processing integrity: durable workflow state, input validation, lifecycle event persistence, and reviewed source-link behavior.
Confidentiality: controlled evidence storage, retention/deletion rules, key custody, access logging, and data classification.
Privacy: public-form boundaries, privacy notice/DPA process, retention/deletion handling, and support escalation process.

Enterprise trust model

Data ownership

Public contact forms are for inquiry context only. Live production quality records require separate agreements and production controls.

Evidence upload / export logging

Future controlled evidence and export workflows require audit-event persistence, retention rules, access control, and inclusion rules before production use.

Audit-event model planned

Current pilot/demo surfaces show traceable review history and local source-basis context. Tamper-evident or immutable-audit claims require durable audit-event storage and verification gates first.

AI handling

AI assistance is advisory. ARQEN does not treat generated text as compliance truth or autonomous approval authority.

Responsible disclosure

Send security reports to security@arqen-ai.com. Do not include controlled production evidence in a report unless a secure channel has been established first.