Guest

Security & Compliance

SVEND runs 34 automated compliance checks daily and audits against 39 internal standards with 701 machine-readable assertions backed by 2625 unique test methods (2883 assertion-to-test links). This page shows real-time results — not curated summaries.

92.2%
Current Pass Rate · 678/735 checks passing
735
Automated Checks
701
Standard Assertions
2625
Unique Test Methods
2883 assertion links
23
SOC 2 Controls
39
Internal Standards
984 passing 74 failed 1612 require test DB

security

100%
10/10 passing

processing_integrity

65%
11/17 passing

availability

50%
1/2 passing

privacy

100%
2/2 passing

confidentiality

100%
3/3 passing

Infrastructure Checks

Run daily at 02:00 UTC against SOC 2 Trust Services Criteria.

access_logging PASS
architecture FAIL
architecture_map WARNING
audit_integrity PASS
backup_freshness PASS
caching PASS
calibration_coverage PASS
change_management WARNING
code_style PASS
complexity_governance WARNING
data_retention PASS
dependency_vuln PASS
encryption_status PASS
endpoint_coverage PASS
error_handling PASS
incident_readiness PASS
log_completeness PASS
output_quality PASS
password_policy PASS
permission_coverage PASS
policy_review WARNING
privacy_data_export PASS
rate_limiting PASS
risk_registry PASS
roadmap PASS
secret_management PASS
security_config PASS
security_headers PASS
session_security PASS
sla_compliance FAIL
ssl_tls PASS
standards_compliance PASS
statistical_calibration PASS
symbol_coverage WARNING

Standards Library

39 internal standards define 701 machine-readable assertions that are parsed and verified automatically. 651/701 currently passing.

API-001
API Design
70%
32/46 assertions · 216 tests
AUD-001
Audit Trail
93%
14/15 assertions · 36 tests
BILL-001
Billing & Subscription
95%
18/19 assertions · 99 tests
CHG-001
Change Management
100%
16/16 assertions · 36 tests
CMP-001
Compliance Automation
93%
26/28 assertions · 92 tests
DAT-001
Data Model
94%
33/35 assertions · 245 tests
DOC-001
Documentation Structure & Format
100%
11/11 assertions · 46 tests
DSW-001
Decision Science Workbench Architecture
100%
32/32 assertions · 255 tests
DSW-002
Analysis Output Quality
91%
30/33 assertions · 122 tests
ERR-001
Error Handling
94%
15/16 assertions · 98 tests
FE-001
Frontend Patterns
100%
16/16 assertions · 41 tests
FILE-001
File Storage
100%
4/4 assertions · 19 tests
INC-001
Incident Response Management
100%
12/12 assertions · 8 tests
JS-001
Javascript Conventions
95%
21/22 assertions · 73 tests
LLM-001
LLM Integration
100%
16/16 assertions · 40 tests
LOG-001
Logging & Observability
96%
25/26 assertions · 33 tests
MAP-001
Architecture Map
100%
9/9 assertions · 29 tests
NTF-001
Notification System
95%
18/19 assertions · 37 tests
OPS-001
Operations & Deployment
100%
17/17 assertions · 19 tests
ORG-001
Organizational Hierarchy & Multi-Site
No assertions
PRIV-001
Privacy & Data Protection
100%
7/7 assertions · 14 tests
QMS-001
Quality Management System
86%
82/95 assertions · 453 tests
QMS-002
Resource Management
100%
6/6 assertions · 37 tests
RDM-001
Product Roadmap
100%
12/12 assertions · 16 tests
RISK-001
Risk Registry
100%
4/4 assertions · 9 tests
SCH-001
Cognitive Scheduler
75%
12/16 assertions · 109 tests
SEC-001
Security Architecture
93%
26/28 assertions · 194 tests
SLA-001
Service Level Agreement
100%
12/12 assertions · 39 tests
STAT-001
Statistical Methodology
100%
20/20 assertions · 86 tests
STY-001
Code Style & Conventions
100%
12/12 assertions · 24 tests
SYS-001
System Integration
No assertions
TRN-001
Training Competency Management
100%
10/10 assertions · 29 tests
TST-001
Testing Patterns
79%
11/14 assertions · 29 tests
XRF-001
Cross-Reference & Validation
100%
8/8 assertions · 12 tests
CAL-001
100%
14/14 assertions · 11 tests
VIS-001
90%
9/10 assertions · 8 tests
ARCH-001
100%
14/14 assertions · 30 tests
QUAL-001
100%
16/16 assertions · 32 tests
CACHE-001
100%
11/11 assertions · 21 tests

Service Level Agreements

12 SLAs defined across availability, performance, durability, incident response, compliance, and change management. Measured automatically where possible; honestly reported as unmeasurable where not.

12
Total SLAs
10
Met
2
Breached
0
Unmeasurable
Emergency change retroactive risk assessment
Target: 24h (per_incident) · Current: 0 violation(s)
MET
Post-incident review completion
Target: 48h (per_incident) · Current: 0 violation(s)
MET
Backup recovery point objective
Target: 24h (per_incident) · Current: 32.1h
BREACH
Platform availability
Target: 99.9% (monthly) · Current: 100.00%
MET
API response time p95
Target: 2000ms (monthly) · Current: 40ms
MET
API response time p99
Target: 5000ms (monthly) · Current: 793ms
MET
Backup recovery time objective
Target: 4h (per_incident) · Current: 0.10h (worst-case)
MET
Critical incident acknowledgement
Target: 1h (per_incident) · Current: 0.02h worst, 0/1 breached (target: 1.0h)
MET
Critical incident resolution
Target: 8h (per_incident) · Current: 0.10h worst, 0/1 breached (target: 8.0h)
MET
High severity incident resolution
Target: 24h (per_incident) · Current: 0.10h worst, 0/1 breached (target: 24.0h)
MET
Automated compliance check pass rate
Target: 95% (monthly) · Current: 69.4%
BREACH
Changes not stale in in_progress
Target: 168h (per_incident) · Current: 0 stale CR(s)
MET

How This Works

Most companies treat compliance as a periodic exercise. We automated it. Every day at 02:00 UTC, Svend runs 34 infrastructure checks against SOC 2 Trust Services Criteria, verifies 701 assertions across 39 internal standards, and executes 2883 linked tests. Results are published here — no cherry-picking, no manual curation.

Automated daily checks
No manual intervention — runs whether we remember or not
Machine-readable standards
701 assertions + 2883 tests parsed from internal docs and verified against code
Encrypted off-site backups
AES-256 encrypted, daily to Backblaze B2 with automated retention
SOC 2 Type II (in progress) ISO 27001 (planned) NIST SP 800-53
Automated compliance checks run daily at 02:00 UTC — last run 1 day, 10 hours ago