COLMUS INC. · LEGAL · SECURITY

Security

How Obsidian Command is built, defended, and monitored.

Last updated · May 2026

1. Architecture

Defense-in-depth across edge, application, and data tiers. TLS 1.3 in transit. Encryption at rest. Per-tenant isolation. Least-privilege IAM. Hardened build and deploy pipelines with signed releases.

2. Authentication

Modern session management with rotating tokens, optional SSO/SAML on enterprise plans, and MFA on sensitive workflows.

3. Monitoring

Continuous logging, anomaly detection, and red-team exercises. 24/7 alerting on the Sentinel control plane.

4. Disclosure

Coordinated vulnerability disclosure at security@obsidiancommand.org. We respond within one business day and credit reporters who follow the policy.

5. Compliance posture

SOC 2 Type II in progress. ISO 27001 controls mapped. Data Processing Addendum available for enterprise customers.