Platform notice

NextPhase IT is operating in beta mode while production workflows are validated across the operational platform.

trust.security

Security and access you can run day to day—not shelf documents.

Controls stay visible in the product: who acted, for which customer, under which policy version, with an auditable record. The overview below reflects how we describe it to security and IT partners.

Identity & tenant access

Workspaces use authenticated identities with tenant-scoped memberships, invitations, and role assignments. Enterprise SSO connectors are provisioned per tenant according to your rollout plan. The product shell is built for workforce authentication, and this page avoids overstating support for any specific IdP.

  • RBAC for operator, admin, and client portal roles
  • Session and credential policies aligned with your security requirements

Sample audit events

14:02:11 user.session.start mfa:webauthn
14:05:44 rbac.role.attach subject:jdoe role:incident_commander
14:06:02 api.key.rotate tenant:acme-corp

Audit Logging

Operational audit events for authentication, RBAC changes, integration calls, and sensitive data access—export patterns depend on your logging stack and contract.

stream: audit.example (illustrative)

2026-05-11T14:07:01Z workflow.transition approved wf=hr-onboard-14

2026-05-11T14:07:03Z integration.call external_system.update_record status=200

2026-05-11T14:07:08Z data.access ticket.body redaction=phi

RBAC

  • viewer role: Read dashboards, no ticket body export.
  • operator role: Execute approved runbook steps.
  • admin role: Tenant config; MFA enforced.
  • auditor role: Immutable log views; no mutations.

Data Isolation

Tenant-scoped data access in the application layer, with deployment patterns (shared or dedicated infrastructure) defined in your agreement—not oversimplified on a public page.

tenant_id: tnt_acme_01
data_plane: dp-us-east-dedicated
cmk_arn: arn:aws:kms:…:key/8fa2…

Compliance readiness

Formal certifications (for example SOC 2 Type II) and control matrices are maintained with your procurement and security teams when applicable—not claimed on a marketing preview. The platform emphasizes workflow auditability, tenant isolation, and evidence export so you can map controls to your own compliance program.

control example

Quarterly access reviews combine IdP group snapshots with platform role exports—implemented as operational process, not marketing copy.

Incident Traceability

Every incident record can link workflow execution IDs, change tickets, and deploy markers when your teams configure those relationships. Export formats are agreed during implementation.

Workflow Governance

Production workflow edits can require peer review and separation of duties; emergency bypass should emit compensating audit entries per your policy.

Deployment Controls

Deployment and rollback semantics are part of your operational contract; the platform treats workflow and integration changes as auditable operations.

Regional Infrastructure

Data residency and regional hosting are agreed in contract; subprocessors and regions are listed in procurement documentation rather than summarized here.

Request the security pack.

Architecture diagrams, DPA, and subprocessors list are shared under NDA or during procurement—see Resources.
