Security guidance
Best practices for securing access, data, and audit visibility in ExpiryVault.
Access controls
Assign owners, verifiers, and admins with least-privilege access. Review membership and access requests regularly.
- Enforce role-based access (RBAC).
- Require approvals for sensitive changes.
- Use viewer roles for auditors.
Authentication
Strengthen access with MFA and enforce session verification on elevated actions.
- Require MFA for privileged roles.
- Use step-up verification for exports.
- Monitor last-access times to identify dormant accounts.
Audit visibility
Track every critical action with immutable audit logs and severity filtering.
- Review verification approvals monthly.
- Export audit logs for compliance reviews.
- Stream events to your SIEM.
Data retention
Align retention windows with regulatory obligations and automate deletion or archival.
- Define retention per document type.
- Schedule review reminders before deletion.
- Document retention approvals in audit logs.
Security review checklist
Review this checklist quarterly to maintain a defensible compliance posture.
- ✅ MFA enforced for admins and verifiers.
- ✅ Quarterly access reviews completed.
- ✅ Audit logs exported and archived.
- ✅ Retention policies documented.