Security
OrchIntel's security practices and responsible disclosure policy
Last updated: October 10, 2025
Security Practices
At OrchIntel, security is fundamental to everything we build. IOA Core is designed with security-first principles, including cryptographic signing of evidence bundles, immutable audit trails, and runtime policy enforcement.
Responsible Disclosure
If you discover a security vulnerability in IOA Core or our infrastructure, please report it responsibly:
- Email: security@orchintel.com
- PGP Key: Available upon request
- Do not disclose publicly until we've had a chance to address the issue
Security Features
- Cryptographically Signed Evidence: All evidence bundles are cryptographically signed to prevent tampering
- Immutable Audit Chains: Audit trails with tamper detection ensure complete transparency
- Runtime Policy Enforcement: Policies are enforced at runtime to prevent non-compliant operations
- Zero-Trust Architecture: Explicit permissions and verification at every level
- Open Source Transparency: SPDX-compliant licensing for full code auditability
Compliance & Certifications
OrchIntel is committed to maintaining industry-standard security practices and compliance frameworks. Visit our Compliance page for more information about supported frameworks.