Security and procurement answer pack
Repeatable answer pack for security review, procurement follow-up, and enterprise rollout blockers.
Use this pack when
- Security asks how approvals and evidence are preserved.
- Procurement asks what trust materials are published.
- Architecture asks where final authority sits between runtime and OSuite.
- Legal asks where DPA and subprocessors start.
Core answers
| Question | Short answer |
|---|---|
| What does OSuite govern? | Runtime-connected AI operations, approvals, replay, proof, and trust artifacts. |
| Who is the final authority? | OSuite is the final authority boundary above the runtime lane. |
| Where do trust materials live? | Trust Center, Support policy, Trust artifacts, DPA, and Subprocessors. |
| How do you handle runtime differences? | Through runtime governance packs and lane-specific posture, not separate control models. |
| What if a buyer needs contract deltas? | Public entry points exist, but contract deltas still route through rollout and legal follow-up. |
IAM answer set
- SSO posture is visible in the IAM surface.
- SCIM, group sync, custom roles, and deprovisioning are shown with explicit supported, preview, partial, or planned status.
- Enterprise Readiness is the buyer blocker view for these gaps.
Trust answer set
- Trust Center is the buyer-facing entry.
- Support policy explains severity and escalation.
- Trust artifacts contains the buyer FAQ, procurement pack, artifact vocabulary, and answer pack.