Security overview

Security is treated as access control, data retention, incident response, backup, and tenant governance — not as a marketing layer added on top of the product.

Identity and access

Multi-factor authentication for administrators, single sign-on options for enterprise customers, role-based access with least privilege, and segregated administrative duties.

Data protection

Encryption in transit and at rest, tenant-scoped data access, documented retention and deletion procedures, and contractual commitments on cross-border transfers.

Resilience and recovery

Encrypted backups, periodic restore tests, documented recovery time and recovery point objectives, and a written disaster recovery program.

Incident response

Severity classification, internal runbooks, customer notification commitments aligned with applicable law, and a documented post-incident review process.

Control matrix

A compact view of the practices behind the security overview, mapped to common procurement-questionnaire domains.

Domain	Practice	Evidence
Identity and access	Administrator MFA, optional SSO for enterprise customers, role-based access with least privilege, and segregation of administrative duties.	Shared under DPA on request
Data protection	Encryption in transit and at rest, tenant-scoped data access, documented retention and deletion, and contractual commitments on cross-border transfers.	Shared under DPA on request
Resilience	Encrypted backups, periodic restore tests, documented RTO/RPO, and a written disaster recovery program.	Shared under DPA on request
Incident response	Severity classification, internal runbooks, customer notification commitments aligned with applicable law, and a documented post-incident review process.	Shared under DPA on request

Security teams reviewing Essence for procurement can request the full technical overview, subprocessor list, and contractual annexes through our sales contact. Talk to sales.