Security

Enterprise-grade controls for public verification.

OBAM provides the controls legal, security, and compliance teams expect when public customer references become part of a governed workflow.

Security overview

OBAM is designed for teams that need governed external references backed by operational controls and accountable access patterns.

Tenant isolation

Tenant-aware policies constrain access to references, assets, and audit events so each organization remains logically isolated.

Tokenized workflows

Verification and action workflows rely on scoped, expiring tokens with explicit status transitions and revocation support.

Audit and logging

Critical actions are logged to provide traceability for authorizations, updates, expiry policy changes, and revocation events.

Data handling

Data is encrypted in transit and at rest with controlled key access paths and documented operational handling standards.

Compliance posture

OBAM supports GDPR commitments and provides supporting documentation for enterprise legal and security review processes.

Need detailed security materials?

We can share architecture, controls, and policy documentation during formal review.

View DPA summary

Request security package

Start a security and compliance review aligned with your procurement process.

Request security package

Review materials available

Public materials for initial security and procurement review

  • Security architecture overview and product control boundaries.
  • Controls summary for access, lifecycle governance, and audit visibility.
  • Data Processing Addendum summary at /legal/dpa.
  • Public subprocessor list and processing roles at /legal/subprocessors.
  • Verification workflow and schema behavior documentation at /docs.

Trust evidence path

Verification docsDPA summarySubprocessors