Security model for evidence-backed work.
Workspace isolation, scoped access, and an audit trail are part of how the platform operates by default. Built for teams whose work has to be defended, reviewed, and traced back to its source.
One shared design, layered across surfaces.
Each surface below has its own page with current detail. Together they describe how Northwind handles the data your team brings in, and the work built on top of it.
Workspace isolation
Workspaces are logically isolated with strong access controls and scoped data boundaries; access does not leak between workspaces by default.
Scoped access
Access is granted on a per-resource basis, designed around least-privilege defaults rather than broad org-wide grants.
Audit trails
Core activity events are captured as part of platform workflows, with timestamps for review and traceability; logging is integrated into operations rather than added separately.
Traceable conclusions
Insights, datasets, and exports stay linked to the inputs that produced them, so claims can be traced back through joins and transforms to source.
Reviewable decisions
Work flows through review surfaces designed for hand-off, so decisions land in front of a human reviewer instead of finalizing silently.
Compliance readiness
Designed to support audit and review work; vendor questionnaire responses are part of how we engage with security teams, not an afterthought.
Sensitive data controls
Records containing personal data can be flagged at ingestion; masking and controlled-reveal patterns help reduce unnecessary exposure during review.
Encryption posture
Northwind is designed to use encryption in transit and encrypted storage across core systems, with platform-managed key practices, not customer-operated key choreography.
Architected, not marketed.
Security marketing is full of badges. We are deliberately not running that play. The teams Northwind is built for evaluate software the way a security team would: they look for the structure of how it operates, where the boundaries are, what is recorded, and what happens when something has to be defended later.
Northwind is shaped around that evaluation. The workspace is the unit of isolation. Access is scoped per-resource on top of role. Audit trails are built into core platform workflows, not a feature your team has to wire up. Conclusions stay linked to the inputs and joins that produced them, so the path from source to claim is observable instead of reconstructed.
We are deliberate about the language we use. Where a control is in place, we describe what it does. Where readiness work is still in progress, we say so. The goal is to be useful to your security team, not to score points on a marketing page.
- Workspace is the unit of isolation; access does not extend across workspaces by default.
- Audit trails are built into core platform workflows, captured as work happens.
- Conclusions are traceable: insights and exports carry the lineage of the inputs that produced them.
- Review is structural: decisions land in front of a human reviewer, with the supporting evidence attached.
- Northwind is designed to use encryption in transit and encrypted storage across core systems, with platform-managed key practices.
- Compliance support is designed to help teams prepare; specific certifications are claimed only when issued.
Send your security questionnaire.
If your team has a standard SIG, CAIQ, or vendor-questionnaire template, send it over. We can return it with cited responses based on current controls, and a clear note where readiness is still in progress.