Authentication & Access
SonicCx supports enterprise authentication standards including SAML 2.0 SSO, OAuth 2.0, and multi-factor authentication (MFA). Integrate with your existing identity provider — Microsoft Entra ID, Okta, Google Workspace, and others — to enforce your organisation's access policies.
- SAML 2.0 and OAuth 2.0 SSO integration
- Multi-factor authentication (MFA) enforcement
- Microsoft Entra ID, Okta, and Google Workspace support
- Session timeout and concurrent session controls
- Brute-force protection and account lockout policies
- API key management with scoped permissions
Role-Based Access Control
Granular role-based access control (RBAC) ensures users can only access the data and functions relevant to their role. Roles are configurable at the organisation, project, and system level — supporting the complex permission hierarchies of enterprise project environments.
- Configurable roles at organisation, project, and system level
- Granular permission sets — view, edit, approve, administer
- Delegation of approval authority with audit trail
- Contractor and external user access with restricted visibility
- Time-limited access grants for auditors and reviewers
- Role assignment approval workflow for sensitive projects
Tenant Isolation
Every SonicCx tenant operates in a fully isolated environment. Project data, documents, and user records are logically separated at the database level with no shared data exposure between organisations.
- Complete logical data isolation between tenants
- No cross-tenant data sharing or exposure
- Independent encryption keys per tenant
- Dedicated data residency options for compliance requirements
- Tenant-level audit logs and access records
- Support for on-premise and private cloud deployment
Data Governance
SonicCx provides the data governance framework that enterprise organisations, government bodies, and critical infrastructure operators require — including data classification, retention policies, and structured records management.
- Data classification and sensitivity controls
- Configurable data retention and deletion policies
- Structured records management aligned to regulatory requirements
- Data export and portability in open formats
- GDPR and Privacy Act compliance controls
- Data sovereignty — Australian-hosted infrastructure available
Audit Trails
Every action in SonicCx creates an immutable audit record. Who accessed what, when they changed it, what it was before, and what it became — permanently recorded and exportable for regulatory, legal, and operational purposes.
- Immutable, tamper-proof audit log for every action
- Field-level change history — before and after for every edit
- User access logs with timestamp and IP address
- Approval decision records with supporting comments
- Document access and download tracking
- Structured audit export for regulatory submissions
Encryption
All data in SonicCx is encrypted in transit and at rest using industry-standard encryption: TLS 1.3 for all data in transit and AES-256 for data at rest, with cryptographic key management via dedicated key management services.
- TLS 1.3 for all data in transit
- AES-256 encryption for data at rest
- Dedicated key management service (KMS)
- Encrypted backup storage
- End-to-end encryption for document attachments
- Certificate management and automated renewal
Infrastructure Architecture
SonicCx is hosted on enterprise-grade cloud infrastructure with multi-region availability, automated failover, and independent security monitoring. The architecture is designed for a 99.9% uptime SLA with no single points of failure.
- Multi-region deployment with automated failover
- 99.9% uptime SLA with contractual commitments
- Independent security monitoring and alerting (24/7)
- Web Application Firewall (WAF) and DDoS protection
- Container-based architecture with isolated workloads
- Australian data residency available for government and critical infrastructure
Security Monitoring
Continuous security monitoring, threat detection, and vulnerability management. Our security operations team responds to incidents 24/7 with defined escalation paths and breach notification procedures.
- 24/7 security operations monitoring
- Real-time threat detection and automated response
- Vulnerability scanning and patch management program
- Penetration testing by independent third parties (annual)
- Security incident response plan with defined SLAs
- Breach notification within 72 hours per regulatory requirements
Disaster Recovery & Business Continuity
SonicCx maintains comprehensive disaster recovery and business continuity plans with tested recovery procedures. Automated backups, cross-region replication, and documented RTO/RPO commitments ensure your commissioning program is never at risk.
- Recovery Time Objective (RTO): < 4 hours
- Recovery Point Objective (RPO): < 1 hour
- Automated backups every hour with 90-day retention
- Cross-region backup replication
- Annual disaster recovery testing with documented results
- Business continuity plan with defined communication procedures
Security documentation for procurement.
We provide full security documentation packages for enterprise procurement processes, including penetration test reports, SOC 2 certificates, data processing agreements, and architecture diagrams, under NDA. Contact our security team.