Security & Governance

Trust Centre

CPDForge AI is built for regulated sectors. This page documents our security controls, AI governance framework, audit capabilities, and compliance roadmap — designed to reduce security questionnaires and support procurement confidence.

Security Maturity: 95/100
Procurement Ready: 91/100
Auditability: 95/100
Audit Chain: SHA-256

Current Security Posture

Operational multi-tenant SaaS security controls active
Privileged-role MFA enforcement active
Cross-tenant privileged accounts protected with mandatory MFA
HttpOnly secure-session architecture active
CSRF protection active (double-submit cookie pattern)
Tamper-evident audit logging operational
Cross-tenant privilege governance enforced
Enterprise session governance active
AI governance framework with OWASP LLM Top 10 alignment
Dependency vulnerability scanning operational
Privileged-role authentication hardening completed
External validation readiness programme active

Authentication & Access Control

Multi-Factor Authentication (TOTP) · Active

Available for all privileged roles including system owners, library admins, and cross-tenant commercial roles (partner, agent, consultant). Time-based one-time passwords with encrypted secret storage and single-use recovery codes.

Role-Based Access Control · Active

Granular permission model with platform-privileged roles (system_owner, library_admin), cross-tenant privileged plans (partner, agent, consultant), and tenant-scoped standard users. Enforced on every API request.

Privileged Role Governance · Active

Central privilege authority classifies all roles and plans. Partner, consultant, agent, and system_owner all operate under privileged-role governance with shortened JWT lifetime, MFA-capable architecture, tamper-evident audit logging, and elevated session monitoring.

Password Policy · Active

Minimum 12 characters following NCSC three-random-words guidance. Optional Have-I-Been-Pwned breach checking.

Brute Force Protection · Active

Rate limiting on login (IP and email), registration, password reset, and shared content verification.

Privileged Session Management · Active

All privileged accounts (platform and cross-tenant) have 24-hour session lifetime (vs 7-day standard). Session version invalidation on password change.

Audit Logging & Tamper Evidence

Tamper-Evident Audit Log · Active

Every privileged action is recorded with a SHA-256 hash chain. Each entry links cryptographically to its predecessor, making silent modification detectable.

Admin Audit Viewer · Active

System owners can view, filter, and search the complete audit trail directly in the admin interface.

Integrity Verification · Active

Built-in hash chain verification utility. System owners can validate the integrity of the full audit log at any time.
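A minimal sketch of how a SHA-256 hash-chained log and its verification can work, added here as an illustration and not CPDForge's own implementation. The entry fields, the canonical JSON encoding, the all-zero genesis value, and the externally stored head hash are assumptions, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry's prev_hash


def entry_hash(prev_hash, record):
    """SHA-256 over the predecessor hash plus a canonical JSON encoding of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, record):
    """Append a record, linking it to the hash of the current last entry."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev_hash": prev, "hash": entry_hash(prev, record)})


def verify(log, expected_head=None):
    """Return (ok, index_of_first_bad_entry_or_None).

    expected_head is a hash of the last entry stored outside the log; without
    it, truncating the tail or rewriting the whole chain goes unnoticed.
    """
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev_hash"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def demo():
    # Constructed sample entries, not real audit data.
    log = []
    append(log, {"actor": "system_owner:1", "action": "role.grant", "target": "user:42"})
    append(log, {"actor": "partner:7", "action": "workspace.open", "target": "client_org:3"})
    append(log, {"actor": "library_admin:2", "action": "content.publish", "target": "course:9"})
    head = log[-1]["hash"]
    results = {"clean": verify(log, head)}
    log[1]["record"]["target"] = "client_org:4"       # silent in-place edit
    results["edited"] = verify(log, head)
    log[1]["record"]["target"] = "client_org:3"       # restore
    del log[-1]                                        # drop the newest entry
    results["truncated_no_head"] = verify(log)
    results["truncated_with_head"] = verify(log, head)
    return results
```

The chain alone catches in-place edits; catching removal of the newest entries depends on comparing against a head hash held somewhere the log writer cannot alter.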

Sensitive Data Redaction · Active

Tokens, passwords, and API keys are automatically redacted from audit log entries before display.

AI Governance & Safety

AI Call Logging · Active

Every LLM interaction is logged with prompt/response hashes, token counts, model identification, and moderation flags. Raw content is never stored by default.

Input Filtering · Active

Prompt injection detection and PII scrubbing on all inbound AI prompts. System prompts are isolated and non-user-editable.

Output Moderation · Active

10-category PII and safety scanner on all AI responses. Flags phone numbers, postcodes, card PANs, JS event handlers, and prompt injection markers.

Human Review Gate · Active

Library content requires explicit human review acknowledgement before publication. Moderation flags must be reviewed by an administrator.

Approved Models · Active

Only pre-approved AI models are used. Currently: GPT-4o via controlled API integration. No fine-tuning on user data.

OWASP LLM Top 10 Alignment · Active

Controls mapped against the OWASP LLM Top 10 risk categories. Documented in the AI Governance Framework.

Tenant Isolation & Data Scoping

Logical Tenant Isolation · Active

All data queries are scoped by user_id, organisation_id, and client_org_id. Cross-tenant access is prevented at the query layer.

Client Workspace Isolation · Active

Partner, agent, and consultant accounts operate client workspaces with strict data boundaries. Client data is never visible to other tenants.

Cross-Tenant Privilege Controls · Active

Roles that span multiple organisations (partner, agent, consultant) are classified as cross-tenant privileged with elevated monitoring, shorter sessions, and audit attribution.

Learner Namespace Separation · Active

Learner authentication uses a separate JWT namespace. Learner tokens cannot access admin or owner endpoints.

Infrastructure & Transport Security

HTTP Security Headers · Active

HSTS (preload-ready), X-Frame-Options DENY, X-Content-Type-Options nosniff, strict Referrer-Policy, Permissions-Policy, and Content-Security-Policy.

Content Security Policy · Monitoring

CSP deployed in report-only mode with violation reporting to an internal aggregation endpoint. Enforcement preparation underway.

Request Size Limits · Active

Global 2 MB body size guard for JSON payloads. Upload routes enforce dedicated per-file limits.

Encryption in Transit · Active

TLS enforced via HSTS. Kubernetes ingress handles TLS termination with modern cipher suites.

Secret Management · Active

All credentials loaded from environment variables. JWT secrets and encryption keys validated at startup. No hardcoded secrets in source.

Compliance & Certification Roadmap

Technically Aligned — Certification Pending · Technically Aligned

Core technical controls aligned with Cyber Essentials requirements. Formal assessor submission and evidence review underway.

Enterprise Hardening Programme Active · Hardening Active

MFA enforcement, external penetration testing, and advanced session-security controls scheduled as part of the Cyber Essentials Plus readiness programme.

ISMS Foundation Established · Foundation Established

Security governance, audit logging, asset inventory, AI governance, and procurement evidence frameworks established as foundations for ISO 27001 readiness.

Operational Controls Active · Operational

Cookie consent gating, data minimisation in AI prompts, tamper-evident audit logging, tenant isolation, and lawful basis documentation in place.

Preparatory Alignment Active · Preparatory

Limited-risk classification assessed. Transparency, human oversight, AI call logging, and moderation requirements documented and operational. Preparatory alignment with emerging EU AI Act principles.

Privileged Role Governance

All privileged roles — including system_owner, library_admin, partner, consultant, and agent — operate under the same governance controls:

Shortened 24-hour privileged JWT lifetime
MFA-capable architecture for all privileged roles
Tamper-evident audit logging of all privileged actions
Elevated session monitoring and actor attribution
Tenant-scoped data access with cross-tenant audit trail

Independent Validation Roadmap

HttpOnly secure-session migration

Target: Q1 2026
Active

CSRF protection implementation

Target: Q1 2026
Active

External penetration test

Target: Q2 2026
Scheduled

Cyber Essentials (Basic) submission

Target: Q2 2026
Technically Aligned

Cyber Essentials Plus readiness

Target: Q2-Q3 2026
Hardening Active

ISO 27001 readiness programme

Target: 2026-2027
Foundation Established

Security Programme Governance

Remediation Cycles

Rolling quarterly security remediation with P0/P1/P2 prioritisation

Audit Evidence Retention

Tamper-evident audit log retained indefinitely; CSP reports 90-day TTL

Governance Review Cadence

Quarterly review of security posture, role model, and compliance roadmap

AI Governance Review

Quarterly review of approved models, moderation rules, and AI call log audit

Security Operations

Incident Response

Defined escalation procedures for security incidents, AI safety events, and data breaches. Automated detection via moderation flags and audit logging, with admin notification and system-owner review within 24 hours.

Vulnerability Management

Automated dependency scanning via pip-audit and npm audit. Critical and high vulnerabilities tracked and remediated within 14 days. Procurement-safe reports generated on demand.

Security Review Cadence

Quarterly security posture review covering RBAC, MFA adoption, audit log integrity, AI governance compliance, dependency vulnerabilities, and roadmap progress.

Penetration Testing

Internal preparation checklist maintained. External penetration test scheduled as part of the Cyber Essentials Plus readiness programme. Scope covers auth, RBAC, MFA, AI prompt injection, tenant isolation, upload surfaces, rate limiting, and admin endpoints.

Dependency Review

Weekly automated scanning of Python and JavaScript dependencies. GitHub Dependabot configured for automated pull request creation. Production dependencies audited separately from development dependencies.

Security Programme Timeline

  • 2025 Q3: Platform launch with foundational security controls · Active
  • 2026 Q1: P0 remediation: RBAC, audit logging, input filtering, secrets hardening · Active
  • 2026 Q1: P1 remediation: MFA, security headers, rate limiting, password policy, AI logging · Active
  • 2026 Q1: Enterprise hardening: tamper-evident audit, trust centre, procurement pack, AI governance, privileged role model · Active
  • 2026 Q2: Cyber Essentials (Basic) assessor submission · Scheduled
  • 2026 Q2: External penetration test · Scheduled
  • 2026 Q2-Q3: Cyber Essentials Plus readiness programme · Scheduled
  • 2026-2027: ISO 27001 readiness programme · Scheduled

Responsible Disclosure Process

We take security and responsible disclosure seriously. If you believe you have identified a security issue, please contact our team through the support portal and select “Security Report” as the enquiry category.

Report a Security Concern

Please do not include sensitive personal data in initial submissions.

What to include:

  • Description of the vulnerability and potential impact
  • Steps to reproduce (proof-of-concept if possible)
  • Your contact information for follow-up

Our commitment:

  • Acknowledge receipt within 2 business days
  • Provide an initial assessment within 5 business days
  • Keep you informed of remediation progress
  • Credit researchers (with permission) in our security advisories

Credential Credibility

Why the credentials this platform issues can be trusted

Platform security answers whether CPDForge is safe to run. Credential credibility answers whether the training it produces is trustworthy. Both matter in procurement — so both are covered here.

CPFPSI governed

Standards grounding, a 14-criterion QA rubric and human SME sign-off before publish.

Core Compliant Accredited

Independently accredited programmes and credentials.

Publicly verifiable

Every credential has a public verification record and QR code.

Request Procurement & Security Evidence Pack

Enterprise, public-sector, utilities, and regulated-industry buyers may request additional governance and security documentation during procurement evaluation.

  • Security posture summary
  • Governance overview
  • Audit capability summary
  • AI governance overview
  • Compliance roadmap status
  • Core Compliant accreditation
  • Credential verification

Trust Centre last updated: 2026-02-01 · Posture version: 2026-Q2-R1
