Security & Procurement

Built for the IT director's review.

Tenant isolation at the query layer, role-gated endpoints, encrypted credentials, and rate-limited public surfaces. Designed to clear procurement.

Security posture

Defense in depth, not a marketing badge.

domain

Multi-tenant isolation

Every organization is fully isolated. Tenant scoping is enforced at the query layer — not as an application convention. No shared state, ever.

badge

Role-based access control

Six built-in roles: Requestor, Technician, Contractor, Supervisor, Admin, Executive. Endpoints are role-gated; UIs hide what users cannot do.

key

Encrypted credentials

Per-organization API keys (OpenAI, integrations) are encrypted at rest. Falls back to server-level configuration if no tenant key is set.

lock

Encryption in transit

HTTPS-only across every surface. HSTS-eligible. Modern TLS, no legacy protocols.

shield

Public surface protection

reCAPTCHA v3 and IP rate limiting on the citizen portal and any public webhooks. HTML sanitization on all user-supplied input.

history

Audit trail

Every mutation — status change, assignment, comment, edit — is logged with user, timestamp, and source. Full replay per record.

AI data handling

How AI uses your data — precisely.

Buyers ask this first. The answer is short: AI calls are scoped, rate-limited, read-only for analytics, and never used to train a third party.

Scoped & org-isolated

  • Every AI call is scoped to the calling user's organization — no cross-tenant data exposure
  • The AI Assistant is read-only: it analyzes data, it does not modify it
  • Tenant-supplied OpenAI keys are honored when configured; otherwise platform keys are used

Rate-limited & tracked

  • Per-user rate limits (default 100 calls/hour) prevent runaway cost or abuse
  • Every AI call is logged with user, model, token usage, and outcome for audit
  • Cost-optimized models (GPT-5-mini) used for high-volume paths; flagship models for assistant & SOPs

What is sent to the model

  • Only the prompt context required for the task — not your entire database
  • Citizen PII (name, email, phone) is excluded from triage prompts unless required
  • Manufacturer PDFs you upload for SOP generation are sent only to extract structure

What is not

  • Your data is not used to train third-party models (per OpenAI API terms for paid plans)
  • The platform does not share tenant data across organizations — not for AI, not for benchmarking
  • You can disable AI features per-tenant if your jurisdiction prohibits them
Procurement

What procurement teams need.

description

Procurement-ready documentation

  • Security questionnaire responses (SIG-lite, CAIQ format)
  • Data Processing Addendum (DPA) on request
  • Standard MSA & SaaS subscription terms
  • Reference architecture & data-flow diagrams
  • Insurance certificates on request
handshake

Deployment & onboarding

  • Cloud-hosted SaaS — no servers to provision
  • Per-tenant subdomain or custom domain
  • Standard onboarding: divisions, roles, asset import in 2–4 weeks
  • You can start with one department and expand
  • CSV / ESRI import for existing assets & PMs
account_balance

Government-friendly licensing

  • Per-organization pricing — no per-seat surprises
  • Annual or monthly billing
  • State / municipal cooperative purchasing welcome
  • No-cost pilot programs for qualifying agencies
contact_support

Support & SLA

  • Direct line to engineering — no Tier 1 maze
  • Standard 99.9% uptime target
  • Status page for incidents & planned maintenance
  • Documented backup & restore procedures
Standards we align to

Familiar frameworks for IT review.

WorkmanIQ aligns its controls to recognized public-sector security frameworks. Formal certifications are added as the customer base requires.

verified NIST CSF aligned
verified OWASP ASVS practices
verified CJIS-aware design
verified SOC 2 roadmap

Need our security packet?

Send us your procurement requirements and we'll respond with the questionnaire, DPA, and reference architecture you need.

Request the packet arrow_forward