Enterprise Security & Single-Vendor Governance

Bank-grade security meets operational excellence. One platform, one truth, complete governance.


What Single-Vendor Governance Means

Instead of ten different spreadsheets and tools across business units, your company uses one platform—CapexEdge—to plan, approve, and track all CAPEX. Same data model, same templates, same audit trail, everywhere.

One Source of Truth: consistent budgets, scenarios, and KPIs across all sites

One Way of Working: same gates, forms, and rules; easier training

One Integration: a single connector to SAP/AD, one SSO, one security review

Faster Decisions: apples-to-apples comparisons across all projects

Your Growth Pathway to Enterprise Standard

1. Land: start small with one division and solve a painful problem fast

2. Prove: show faster approvals, cleaner scenarios, and better auditability

3. Standardize: make CapexEdge the company standard

4. Scale: roll out to other BUs and deepen integrations

5. Stay: multi-year renewal as the operating model comes to depend on the platform

Enterprise Security Stack

Comprehensive security that exceeds enterprise requirements and makes IT say "wow"

Identity & Access

  • Phishing-resistant MFA (WebAuthn/passkeys)
  • Just-in-time privileged access with auto-expiry
  • Fine-grained RBAC + ABAC (roles + attributes)
  • SCIM provisioning/de-provisioning
  • SSO integration (SAML 2.0/OIDC)
  • Step-up auth for high-value actions (>€1M)
  • Row-level security for portfolios

Data Protection

  • Customer-managed keys (CMEK/BYOK) in EU KMS
  • Automatic key rotation with HSM support
  • Key-scoped export controls
  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • EU-only data plane with zero-exfiltration
  • Private connectivity (PrivateLink/peering)

Threat Detection & Response

  • Anomaly detection (impossible travel, mass exports)
  • Signed approvals with cryptographic receipts
  • Real-time security alerts
  • 24×7 on-call with defined escalation
  • Security@ mailbox with PGP
  • Vulnerability disclosure program
  • Incident response runbooks

Audit & Forensics

  • Immutable, tamper-evident logs (WORM + hash-chaining)
  • SIEM integration with customer streaming
  • eDiscovery/legal hold capabilities
  • Complete calculation lineage
  • User activity tracking with attribution
  • Export history and access logs
  • 7-year retention for compliance
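The "tamper-evident logs (WORM + hash-chaining)" item above names a technique rather than showing it. The following is an added example, not CapexEdge's own code: each audit entry carries the SHA-256 of the previous entry, so editing or deleting any earlier entry breaks every later link. The record fields, addresses and amounts are constructed sample data.

```python
import hashlib
import json

# Hash used as the "previous hash" of the very first entry (an assumption of this example)
GENESIS = "0" * 64


def _entry_hash(prev_hash, record):
    """Hash the previous link together with a canonical JSON form of the record."""
    # sort_keys + fixed separators: the same record always serializes identically
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + payload).encode()).hexdigest()


def append_entry(log, record):
    """Append record to log (a list of dicts), chaining it to the last entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"seq": len(log), "prev_hash": prev_hash, "record": record}
    entry["hash"] = _entry_hash(prev_hash, record)
    log.append(entry)
    return entry


def verify_chain(log):
    """Recompute every hash and check every link.

    Returns (True, None) for an intact chain, or (False, i) where i is the
    index of the first entry that fails (edited, reordered, or following a gap).
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_hash"] != prev_hash:
            return False, i
        if _entry_hash(prev_hash, entry["record"]) != entry["hash"]:
            return False, i
        prev_hash = entry["hash"]
    return True, None


def latest_anchor(log):
    """Hash of the last entry; publishing it out-of-band (WORM store, SIEM) is what
    makes truncation of the tail detectable, since chaining alone cannot."""
    return log[-1]["hash"] if log else GENESIS


def build_sample_log():
    # Constructed sample CAPEX approval events (not real data)
    log = []
    append_entry(log, {"actor": "alice@example.com", "action": "create",
                       "project": "P-100", "amount_eur": 250000})
    append_entry(log, {"actor": "bob@example.com", "action": "approve",
                       "project": "P-100", "amount_eur": 250000})
    append_entry(log, {"actor": "carol@example.com", "action": "export",
                       "project": "P-100", "rows": 1})
    return log


def detect_in_place_edit():
    """Show that changing one field in an old entry is caught at that entry."""
    log = build_sample_log()
    assert verify_chain(log) == (True, None)
    log[1]["record"]["amount_eur"] = 2500000   # silent edit of an approved amount
    return verify_chain(log)                   # (False, 1)


if __name__ == "__main__":
    print("intact:", verify_chain(build_sample_log()))
    print("after edit:", detect_in_place_edit())
```

Two design points worth noting: the verifier checks the sequence number as well as the hash link, so deleting an entry from the middle is reported at the gap rather than silently passing, and `latest_anchor` exists because a hash chain by itself cannot prove that the newest entries were not simply dropped; that is what the external WORM copy or the SIEM stream in the list above provides.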

Vulnerability Management

  • SAST/DAST/SCA scanning in CI/CD
  • CVE patching SLAs (critical: 24h)
  • Third-party penetration tests quarterly
  • SBOM publishing per release
  • Signed artifacts (Sigstore/SLSA)
  • Dependency scanning gates builds
  • Configuration baselines (CIS-aligned)

Network & API Security

  • WAF & DDoS protection
  • API rate limiting (1000 req/hour)
  • Auth scopes and input validation
  • Webhook signing for async operations
  • IP whitelisting available
  • Private endpoints option
  • Zero-trust network architecture

Resilience & Recovery

  • RPO: 1 hour, RTO: 4 hours
  • Quarterly DR failover drills
  • Continuous backups with point-in-time restore
  • Geo-redundant backup storage
  • 99.9% uptime SLA
  • Automated failover capability
  • Data-level restore for user errors

Privacy & Governance

  • GDPR compliant with DPA available
  • Granular data retention policies
  • DSR tooling (export/delete) with SLA
  • Sub-processor list maintained
  • Privacy by design architecture
  • DPIA support available
  • Auto-purge capabilities

Tenant Isolation

  • Separate database schemas per customer
  • Row-level security policies
  • Encrypted data with unique keys per tenant
  • No shared compute resources
  • API-level access controls
  • Network segmentation
  • Zero data bleed guarantee

IT Security Audit Checklist

The 12 areas your IT security team will audit—we're ready for all of them:

1. Identity & Access: SSO, MFA, SCIM, RBAC/least privilege

2. Data Residency: EU pinning, no cross-border transfers

3. Encryption: TLS 1.3, AES-256, key rotation

4. Tenant Isolation: customer separation, no data bleed

5. Logging & Auditability: immutable logs, SIEM integration

6. Vulnerability Mgmt: SAST/DAST, CVE patching, pen tests

7. Secure SDLC: code reviews, SBOM, build integrity

8. Incident Response: runbooks, RTO/RPO, breach notification

9. Backups & DR: encryption, restore drills, geo-redundancy

10. API Security: auth scopes, rate limits, validation

11. Privacy/GDPR: DSRs, retention, sub-processors

12. Network & Edge: WAF, DDoS, private connectivity

Compliance & Certifications

Current

  • GDPR compliant
  • Data Processing Agreements
  • EU data residency
  • Regular security audits

In Progress

  • SOC2 Type II (Q3 2025)
  • ISO 27001 (Q3 2025)
  • NIS2 readiness
  • TISAX assessment

Roadmap

  • C5 attestation (2026)
  • ISO 27017 cloud security
  • ISO 27018 privacy
  • BSI certification

Security Resources

Security One-Pager: executive summary of our security controls and certifications

Security Whitepaper: detailed technical documentation of our security architecture

Live Security Demo: see our security features in action with your security team

Ready for Your Security Review?

Get your custom security appendix with architecture diagrams, data flows, and compliance documentation.
