Audits & Certification

IAM in PLTFRMS is built with a strong focus on security, compliance, and traceability. To support this, the system follows structured audit practices and aligns with industry security standards.

IAM is designed to meet modern identity security requirements and incorporates certified and standards-based components where applicable.


Auditability by design

All IAM operations are fully auditable across the platform.

This includes:

  • Authentication events (login, logout, session creation)
  • Authorization decisions (role and permission evaluations)
  • OAuth2 and OpenID Connect token issuance
  • Changes to users, roles, groups, and organisations
  • Realm-level configuration changes

Every recorded event carries the Realm and Organisation in which it occurred, so it can be attributed to that context rather than only to the platform as a whole.


Internal audit model

IAM includes continuous internal audit mechanisms:

  • Real-time logging of identity events
  • Immutable audit trails for sensitive operations
  • Structured event tracking across authentication and authorization flows
  • Periodic review of access patterns and configuration changes

This ensures full visibility into how identity is used across the system.
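The auditability and immutability properties described in the two sections above can be made concrete with a hash-chained trail. The following is an added example, not PLTFRMS code: it rejects events that lack realm and organisation context or an unknown event class, chains records by SHA-256 so that an in-place edit, deletion or reordering is detected at the exact record, and aggregates events per realm and organisation as the starting point for the periodic reviews mentioned. The event type strings, field names and sample events are constructed for illustration and are not PLTFRMS identifiers.

```python
"""Tamper-evident IAM audit trail (added example, not PLTFRMS code).

Each record is chained to its predecessor by a SHA-256 hash, so editing,
deleting or reordering any record breaks verification from that point on.
The field names (type, realm, organisation, actor, ts, detail), the event
type strings and the sample events are constructed for this example.
"""
import copy
import hashlib
import json

# Event classes named on the page. Unknown types are rejected so an
# unclassified action cannot enter the trail unnoticed.
EVENT_TYPES = {
    "auth.login", "auth.logout", "auth.session.create",
    "authz.decision", "oidc.token.issue",
    "admin.user.change", "admin.role.change",
    "admin.group.change", "admin.organisation.change",
    "realm.config.change",
}
REQUIRED_CONTEXT = ("ts", "realm", "organisation", "actor")
GENESIS = "0" * 64  # "previous hash" of the first record


def canonical(obj: dict) -> bytes:
    """Deterministic JSON: fixed key order and separators, otherwise the
    same record could hash differently when re-verified."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuditTrail:
    def __init__(self) -> None:
        self.records: list = []

    def append(self, event: dict) -> dict:
        """Validate the event, chain it to the previous record, store a copy."""
        if event.get("type") not in EVENT_TYPES:
            raise ValueError(f"unknown event type {event.get('type')!r}")
        missing = [k for k in REQUIRED_CONTEXT if not event.get(k)]
        if missing:  # every action must be attributable to a realm and organisation
            raise ValueError(f"event missing context fields {missing}")
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = {"seq": len(self.records), "prev": prev, "event": copy.deepcopy(event)}
        record = {**body, "hash": hashlib.sha256(canonical(body)).hexdigest()}
        self.records.append(record)
        return record

    def verify(self) -> tuple:
        """Recompute the whole chain. Returns (ok, first_bad_index);
        first_bad_index is -1 when every record checks out."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev"] != prev:
                return False, i  # record deleted, inserted or reordered
            body = {"seq": rec["seq"], "prev": rec["prev"], "event": rec["event"]}
            if hashlib.sha256(canonical(body)).hexdigest() != rec["hash"]:
                return False, i  # record content edited in place
            prev = rec["hash"]
        return True, -1

    def by_context(self) -> dict:
        """Event counts per (realm, organisation): the aggregate a periodic
        access-pattern review starts from."""
        counts: dict = {}
        for rec in self.records:
            key = (rec["event"]["realm"], rec["event"]["organisation"])
            counts[key] = counts.get(key, 0) + 1
        return counts


# Constructed sample events covering several of the event classes listed above.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "type": "auth.login", "realm": "acme",
     "organisation": "acme-eu", "actor": "alice", "detail": {"method": "password+otp"}},
    {"ts": "2024-05-01T09:00:01Z", "type": "oidc.token.issue", "realm": "acme",
     "organisation": "acme-eu", "actor": "alice", "detail": {"client_id": "docs-portal"}},
    {"ts": "2024-05-01T09:05:00Z", "type": "admin.role.change", "realm": "acme",
     "organisation": "acme-eu", "actor": "bob", "detail": {"user": "alice", "role": "admin"}},
    {"ts": "2024-05-01T09:10:00Z", "type": "realm.config.change", "realm": "acme",
     "organisation": "acme-us", "actor": "bob", "detail": {"setting": "session_ttl", "value": 3600}},
]


def build_sample_trail() -> AuditTrail:
    trail = AuditTrail()
    for event in SAMPLE_EVENTS:
        trail.append(event)
    return trail


def tamper_demo() -> tuple:
    """Silently downgrade the role grant stored in record 2 without
    re-chaining; verification pinpoints exactly that record."""
    trail = build_sample_trail()
    trail.records[2]["event"]["detail"]["role"] = "viewer"
    return trail.verify()


if __name__ == "__main__":
    print("intact:  ", build_sample_trail().verify())  # (True, -1)
    print("tampered:", tamper_demo())                   # (False, 2)
```

A hash chain only proves that nothing changed after the verifier's copy of the head hash was taken. An attacker with write access to the whole store can edit a record and recompute every hash after it, so the latest hash has to be anchored somewhere the log writer cannot modify (write-once storage, a periodically signed checkpoint, or a separate system) for the "immutable" claim to hold against an insider.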


External audits

PLTFRMS follows a structured external audit approach for IAM-related systems:

  • Periodic external security reviews
  • Independent validation of identity and access control flows
  • Review of token handling, session management, and security boundaries
  • Compliance assessments aligned with enterprise security standards

External audits are performed when a customer or a regulatory obligation requires them.


OpenID Connect implementation

IAM uses an OpenID Connect implementation based on certified and standards-aligned components.

This means:

  • The implementation follows the OpenID Connect Core 1.0 specification
  • It is built on proven and widely adopted identity standards
  • Interoperability with external identity providers is ensured
  • Security best practices from the OpenID ecosystem are applied

The implementation is standards-based and built on components with OpenID certification behind them, but it is integrated into the PLTFRMS IAM architecture and extended with platform-specific features such as realms, organisations, and scoped access control. OpenID Certification is granted to a specific deployment for a specific conformance profile, so the certification status of a given PLTFRMS deployment is the one described under Certification posture below, not a property inherited from the underlying components.
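What "follows the specification" means for token handling is best seen from the relying-party side: the checks a client must perform on an ID token before trusting it, which are also what an external review of token handling would exercise. The following is an added example, not PLTFRMS code. It implements the ID token validation steps of OpenID Connect Core 1.0 section 3.1.3.7 (algorithm pinning, signature, issuer, audience and azp, lifetime, nonce) using an HS256 signature keyed with the client secret, an option the specification permits, so it runs offline; against a live provider the client would fetch the JWKS named in the discovery document and verify RS256 or ES256 instead. ISSUER, CLIENT_ID, CLIENT_SECRET and the "realm" and "org" claims are constructed assumptions, not PLTFRMS identifiers.

```python
"""Relying-party validation of an OpenID Connect ID token
(added example, not PLTFRMS code).

Implements the checks OIDC Core 1.0 section 3.1.3.7 requires of a client.
HS256 keyed with the client secret is used so this runs offline; a real
client would verify RS256/ES256 against the provider's JWKS. ISSUER,
CLIENT_ID, CLIENT_SECRET and the realm/org claims are constructed.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://iam.example.test/realms/acme"  # assumed discovery `issuer`
CLIENT_ID = "docs-portal"                        # assumed registered client
CLIENT_SECRET = b"constructed-secret-for-the-example-only"
CLOCK_SKEW = 60  # seconds of tolerance for exp/iat


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(claims: dict, alg: str = "HS256", secret: bytes = CLIENT_SECRET) -> str:
    """Provider side, simulated. alg="none" yields an unsigned token."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = b""
    if alg == "HS256":
        sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


class TokenError(Exception):
    pass


def validate_id_token(token: str, expected_nonce: str, now: Optional[int] = None) -> dict:
    """Return the claims if every check passes, otherwise raise TokenError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    # 1. Pin the algorithm: the token must not choose how it is verified,
    #    and "none" is rejected before anything else is looked at.
    if header.get("alg") != "HS256":
        raise TokenError(f"unexpected alg {header.get('alg')!r}")
    # 2. Signature over the exact header.payload bytes, constant-time compare.
    expected = hmac.new(CLIENT_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(p))
    # 3. Issuer must equal the discovery document's issuer exactly.
    if claims.get("iss") != ISSUER:
        raise TokenError("issuer mismatch")
    # 4. Audience must include this client; with several audiences azp must be us.
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else list(aud or [])
    if CLIENT_ID not in auds:
        raise TokenError("audience mismatch")
    if len(auds) > 1 and claims.get("azp") != CLIENT_ID:
        raise TokenError("azp mismatch")
    # 5. Lifetime, with a small skew allowance.
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"] + CLOCK_SKEW:
        raise TokenError("expired")
    if isinstance(claims.get("iat"), int) and claims["iat"] > now + CLOCK_SKEW:
        raise TokenError("issued in the future")
    # 6. Nonce binds the token to the login request being completed (anti-replay).
    if claims.get("nonce") != expected_nonce:
        raise TokenError("nonce mismatch")
    return claims


def check(token: str, nonce: str, now: int) -> str:
    try:
        validate_id_token(token, nonce, now)
        return "ok"
    except TokenError as err:
        return str(err)


def demo(now: int = 1_700_000_000) -> dict:
    """Run the validator over one good token and several bad ones."""
    nonce = "n-4f2a9c"
    base = {"iss": ISSUER, "sub": "alice", "aud": CLIENT_ID, "exp": now + 300,
            "iat": now, "nonce": nonce, "realm": "acme", "org": "acme-eu"}
    tokens = {
        "valid": issue_id_token(base),
        "alg_none": issue_id_token(base, alg="none"),
        "forged_signature": issue_id_token(base, secret=b"attacker-guess"),
        "wrong_issuer": issue_id_token({**base, "iss": "https://attacker.example.test"}),
        "wrong_audience": issue_id_token({**base, "aud": "other-app"}),
        "multi_aud_no_azp": issue_id_token({**base, "aud": [CLIENT_ID, "other-app"]}),
        "expired": issue_id_token({**base, "exp": now - 3600}),
    }
    results = {name: check(tok, nonce, now) for name, tok in tokens.items()}
    results["replayed_nonce"] = check(tokens["valid"], "n-different", now)
    return results
```

The order of the checks matters: the algorithm is pinned before the signature is examined, and the signature is verified before any claim is read, so a forged or unsigned token never influences the issuer, audience or nonce comparison. The realm and org claims are carried through untouched here; a client that authorises on them should treat them as trustworthy only after all six checks have passed.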


Security and compliance alignment

IAM is designed to align with common security and compliance frameworks, including:

  • Industry identity security best practices
  • OAuth2 and OpenID Connect standards
  • Data protection principles (e.g. GDPR-aligned handling)
  • Enterprise access control and audit requirements
  • Internal security governance models


Certification posture

PLTFRMS IAM follows a certification-ready approach, meaning:

  • Systems are designed according to common certification requirements
  • Security controls are implemented in advance of formal audits
  • External certification can be performed upon customer request or regulatory need
  • Architecture supports compliance reviews without redesign

At the time of writing, formal certifications may be in progress or awaiting external audit validation, depending on scope and customer requirements. Customers who depend on a specific certification should confirm its current status and scope with PLTFRMS rather than infer it from the standards-based design.


Why audits & certification matter

Audits and certification practices ensure that IAM:

  • Maintains transparency in identity and access operations
  • Supports enterprise and regulatory compliance requirements
  • Provides verifiable security and governance controls
  • Enables trust in authentication and authorization flows
  • Scales securely across customers and regulated environments

They form a key part of maintaining confidence in the PLTFRMS identity infrastructure.