Compliance Program
NRSIP Registry operates a risk-based compliance program covering identity controls, payment handling, infrastructure governance, audit immutability, and incident response.
Governance model
Roles are separated across customer operators, admin operators, and platform maintainers. Elevated actions are authenticated and recorded through append-only audit trails.
Control objectives
Core controls include SSO authentication, role-based access controls, secret-managed credentials, integrity-preserving lifecycle transitions, and observability guardrails.
Regional and customer commitments
Customer agreements may include DPA addenda, breach notification windows, and data residency constraints. Additional attestations are available on request during enterprise onboarding.
Policy documentation
The canonical policy set is maintained in repository documentation and version-controlled for change traceability: `docs/POLICY_ACCESS_CONTROL.md`, `docs/POLICY_SECURITY.md`, and `docs/POLICY_MONITORING.md`.