Security
Overview of the security principles S4Ready follows when handling migration data.
Access control & RBAC
Role-based access control ensures that stewards, approvers, and admins only see the data and actions they need.
- Role-tailored views for stewards, process owners, and viewers.
- PII masking for sensitive fields outside privileged roles.
- Audit logs for configuration changes and key workflow events.
Data protection & audit
Migration data is treated as sensitive by default with immutable audit logs and long-term retention options.
- WORM-style audit trails with tamper‑evident hashing in supported deployments.
- Configurable retention policies per environment and project.
- Explicit capture of approvals and break‑glass decisions.
Deployment & encryption
S4Ready is designed for secure deployments in customer-controlled infrastructure or trusted cloud environments.
- TLS for data in transit; encryption for storage handled by the hosting environment.
- Support for customer‑managed keys (BYOK) in eligible setups.
- Segregated environments for dev, test, and production projects.