Security Policy

Last Updated: May 21, 2026

Opertus Systems applies a security-first operating model across internal operations, client delivery, and supporting operational systems.

Security Principles

• Least privilege and role-based access
• Defense in depth across infrastructure and application layers
• Operational transparency through logging and monitoring
• Secure-by-default deployment for systems handling sensitive data
• Governance and accountability for access, changes, and operational continuity

Core Controls

• Strong identity controls and MFA for critical systems
• Encryption in transit and at rest where supported
• Controlled change management and release practices
• Centralized logging and alerting for security-relevant events
• Backup, recovery, and continuity planning
• Deployment review for material changes to sensitive operational systems

Vendor and Subprocessor Management

We evaluate third-party vendors based on risk profile, data exposure, infrastructure dependency, and operational reliability, and apply contractual controls where appropriate.

Incident Response

We maintain incident triage, escalation, containment, and recovery procedures. For confirmed incidents affecting client data, notice is targeted within seventy-two (72) hours when contractually or legally required.

Responsible Disclosure

Security reports may be submitted to security@opertus.systems. Please include reproducible details and impact context.

Continuous Improvement

Security controls and processes are reviewed periodically, including quarterly checkpoints for policy and operational updates.

Engagement Inquiry

For operational AI, infrastructure, governance, or technical systems advisory, use the engagement inquiry channel.