Enterprise-grade controls you can audit
This page describes the controls SarlaYash AIP applies today. It is app-owned editable content — not a certification. Approved wording for SOC 2, ISO 27001, GDPR and HIPAA can be added by your Trust & Compliance office.
TLS 1.3 for all traffic. Managed key rotation. No answer keys ever shipped to the browser.
Admin · Trainer · Manager · Candidate — least-privilege by default.
Login history, activity logs, device fingerprints for privileged accounts.
Immutable append-only trail for every admin action and assessment event.
Tab-switch, fullscreen-exit and copy/paste signals recorded per assessment.
All answer keys and scoring logic live server-side. The client cannot self-mark.
| Role | Permissions |
|---|---|
| Candidate | Take assessment · View own reports · Download own PDF |
| Manager | Team reports · Skill-gap drill-down · Assign learning plan |
| Trainer | Batch dashboards · Interventions · Bulk feedback |
| Admin | Full org analytics · Question bank · Compliance · RBAC & audit |
| Time | Actor | Action |
|---|---|---|
| 12:04:22 | admin@company.com | Exported quarterly report (PDF) |
| 11:58:11 | trainer.riya@company.com | Flagged 3 learners at risk in Delta-24 |
| 11:47:03 | system | Scheduled weekly executive report |
| 11:29:58 | admin@company.com | Rotated encryption key (kms-2026-11) |
| 10:12:44 | system | Auto-detected 2 tab switches in session ATT-89210 |
Every visibility change is logged and penalizes the integrity score.
Blocked during assessments unless a11y mode is toggled.
Fullscreen exit is recorded per session.