Permissioned access
Role-based authorization governs who can access workflows, environments, and high-impact operations.
Security overview (Draft baseline)
This page provides a high-level security summary for procurement and security review. It intentionally avoids unsupported certification claims.
Document status: Draft for security/legal reviewLast updated: 2026-02-17Owner: Security + Legal
SmartClover describes permissioned access, encryption controls, and traceable event records as the current public security baseline. This statement is not a certification claim.
Security control baseline
Encryption controls
Sensitive flows use encryption controls across transit and approved storage boundaries.
Data-boundary control
Clinical payload storage is scoped by tenant and deployment model.
Traceable event records
Operational events are recorded so teams can investigate changes and support review.
Vulnerability and patch process
Security issues are triaged, prioritized, and tracked through controlled remediation workflows.
Disclosure limitations
- Detailed topology, key-management internals, and sensitive architecture specifics are not publicly disclosed.
- Control implementation detail is shared under procurement and security review channels.
- Regulatory or certification conclusions are not implied unless formally published with evidence.