Security Policy

Last Updated: February 9, 2026

Opertus Systems applies a security-first operating model across internal operations and client delivery.

Security Principles

• Least privilege and role-based access
• Defense in depth across infrastructure and application layers
• Operational transparency through logging and monitoring
• Secure-by-default delivery for systems handling sensitive data

Core Controls

• Strong identity controls and MFA for critical systems
• Encryption in transit and at rest where supported
• Controlled change management and release practices
• Centralized logging and alerting for security-relevant events
• Backup, recovery, and continuity planning

Vendor and Subprocessor Management

We evaluate third-party vendors based on risk profile, data exposure, and operational reliability, and apply contractual controls where appropriate.

Incident Response

We maintain incident triage, escalation, containment, and recovery procedures. For confirmed incidents affecting client data, notice is targeted within seventy-two (72) hours when contractually or legally required.

Responsible Disclosure

Security reports may be submitted to security@opertus.systems. Please include reproducible details and impact context.

Continuous Improvement

Security controls and processes are reviewed periodically, including quarterly checkpoints for policy and operational updates.

Talk With Opertus

If this is relevant to your team, reach out and we can scope practical next steps.