Trust & Security

Enterprise-grade controls you can audit

This page describes the controls SarlaYash AIP applies today. It is app-owned editable content — not a certification. Approved wording for SOC 2, ISO 27001, GDPR and HIPAA can be added by your Trust & Compliance office.

Encryption in transit & at rest

TLS 1.3 for all traffic. Managed key rotation. No answer keys ever shipped to the browser.

Role-Based Access Control

Admin · Trainer · Manager · Candidate — least-privilege by default.

Session monitoring

Login history, activity logs, device fingerprints for privileged accounts.

Audit logs

Immutable append-only trail for every admin action and assessment event.

Proctoring & integrity

Tab-switch, fullscreen-exit and copy/paste signals recorded per assessment.

Server-authoritative scoring

All answer keys and scoring logic live server-side. The client cannot self-mark.

RBAC Matrix
RolePermissions
CandidateTake assessment · View own reports · Download own PDF
ManagerTeam reports · Skill-gap drill-down · Assign learning plan
TrainerBatch dashboards · Interventions · Bulk feedback
AdminFull org analytics · Question bank · Compliance · RBAC & audit
Recent Audit Events
TimeActorAction
12:04:22admin@company.comExported quarterly report (PDF)
11:58:11trainer.riya@company.comFlagged 3 learners at risk in Delta-24
11:47:03systemScheduled weekly executive report
11:29:58admin@company.comRotated encryption key (kms-2026-11)
10:12:44systemAuto-detected 2 tab switches in session ATT-89210
Cheating & Integrity Signals
Tab-Switch Detection
Enabled

Every visibility change is logged and penalizes the integrity score.

Copy / Paste Guard
Enabled

Blocked during assessments unless a11y mode is toggled.

Fullscreen Enforcement
Optional

Fullscreen exit is recorded per session.