MonitorWorkspace
Our commitment to protecting your organization's data.

TX-RAMP Level 2 — Texas Risk and Authorization Management Program
Provisionally CertifiedProvisional certification granted by the Texas Department of Information Resources (DIR), listing MonitorWorkspace on the official DIR certified cloud products registry. Texas state agencies, K–12 districts, and higher education institutions can contract for MonitorWorkspace immediately — no waiting for the full assessment cycle. Assessed against NIST SP 800-53 Rev 5 Moderate baseline (125 controls documented).
Issued May 2026 · Issuing authority: Texas DIR · Level 2 (Moderate baseline) · Full A&I assessment in progress
CASA Tier 2 — Cloud Application Security Assessment
CertifiedLab-tested and verified by TAC Security, an App Defence Alliance authorized lab. All 14 OWASP ASVS Level 1 categories passed — input validation, authentication, session management, access control, cryptography, error handling, and data protection.
Cert ID: 57dbae42 · Issued April 2026 · Valid through April 2027 · TAC Security / App Defence Alliance
Google Workspace™ Marketplace — Verified Application
ListedMonitorWorkspace is listed on the Google Workspace™ Marketplace and has passed Google's review process for OAuth scope justification, data handling practices, branding compliance, and security requirements.
Listed on Google Workspace™ Marketplace · Verified by Google · OAuth 2.0 compliant
Timestamped evidence and control documentation maintained. Assessment artifacts are available upon request for procurement and due diligence reviews.
Cloud Run (gen 2). Serverless container runtime on Google Cloud Platform. No persistent servers — each request runs in an isolated execution environment.
Cloud SQL PostgreSQL. Encrypted storage at rest (AES-256). Automated backups, IAM-controlled access, private VPC networking.
Encryption in transit. All data transmitted over TLS 1.2 or higher. No unencrypted connections accepted.
GCP Secret Manager. All credentials and API keys are stored in Secret Manager. No hardcoded secrets in source code or container images.
Keyless domain-wide delegation. Service account authentication uses workload identity federation. No private key files are stored or distributed.
Google OAuth 2.0. Authentication is handled entirely through Google's OAuth 2.0 consent flow. MonitorWorkspace never stores user passwords.
Session management. Sessions are managed using industry-standard JSON Web Tokens (JWT) with server-side validation on every request.
Role-based access control. Feature access is gated by subscription tier and role. Admin routes are isolated and require separate authorization checks.
Multi-tenant isolation. Each organization's data is logically isolated by tenant ID. All queries enforce tenant-scoped row-level filtering.
Auditable event types. Every user-initiated action — page views, configuration changes, data exports, and offboarding operations — is recorded in an append-only audit log.
GCP Cloud Logging. Structured, machine-readable log output routed to GCP Cloud Logging. Logs are queryable, filterable, and retained per GCP policy.
Dependency scanning in CI/CD. Vulnerability monitoring and dependency scanning run as part of the Cloud Build pipeline on every deployment.
Security documentation available upon request
For procurement reviews, vendor questionnaires, penetration test reports, or TX-RAMP evidence packages, contact our security team directly.
Last reviewed: May 2026