Security & Compliance

SVEND runs 31 automated compliance checks daily and audits against 0 internal standards with 0 machine-readable assertions backed by 0 unique test methods (0 assertion-to-test links). This page shows real-time results — not curated summaries.

74.2%

Current Pass Rate · 23/31 checks passing

Automated Checks

Standard Assertions

Unique Test Methods

0 assertion links

SOC 2 Controls

Internal Standards

security

100%

11/11 passing

processing_integrity

46%

6/13 passing

availability

50%

1/2 passing

privacy

100%

2/2 passing

confidentiality

100%

3/3 passing

Infrastructure Checks

Run daily at 02:00 UTC against SOC 2 Trust Services Criteria.

access_logging PASS

architecture FAIL

architecture_map WARNING

audit_integrity PASS

backup_freshness PASS

caching PASS

change_management WARNING

complexity_governance FAIL

data_retention PASS

dependency_vuln PASS

encryption_status PASS

endpoint_coverage PASS

error_handling PASS

forge_ecosystem PASS

incident_readiness PASS

log_completeness PASS

output_quality FAIL

password_policy PASS

permission_coverage PASS

policy_review WARNING

privacy_data_export PASS

rate_limiting PASS

risk_registry PASS

roadmap WARNING

secret_management PASS

security_config PASS

security_headers PASS

session_security PASS

sla_compliance FAIL

ssl_tls PASS

tenant_isolation_lint PASS

Service Level Agreements

12 SLAs defined across availability, performance, durability, incident response, compliance, and change management. Measured automatically where possible; honestly reported as unmeasurable where not.

Total SLAs

Met

Breached

Unmeasurable

Emergency change retroactive risk assessment

Target: 24h (per_incident) · Current: 0 violation(s)

MET

Post-incident review completion

Target: 48h (per_incident)

N/A

Backup recovery point objective

Target: 5m (per_incident)

N/A

Platform availability

Target: 99.9% (monthly) · Current: 93.95%

BREACH

API response time p95

Target: 2000ms (monthly) · Current: 40ms

MET

API response time p99

Target: 5000ms (monthly) · Current: 454ms

MET

Backup recovery time objective

Target: 4h (per_incident) · Current: 0.10h (worst-case)

MET

Critical incident acknowledgement

Target: 1h (per_incident) · Current: No incidents

MET

Critical incident resolution

Target: 8h (per_incident) · Current: No incidents

MET

High severity incident resolution

Target: 24h (per_incident) · Current: No incidents

MET

Automated compliance check pass rate

Target: 95% (monthly) · Current: 59.3%

BREACH

Changes not stale in in_progress

Target: 168h (per_incident) · Current: 21 stale CR(s)

BREACH

How This Works

Most companies treat compliance as a periodic exercise. We automated it. Every day at 02:00 UTC, Svend runs 31 infrastructure checks against SOC 2 Trust Services Criteria, verifies 0 assertions across 0 internal standards, and executes 0 linked tests. Results are published here — no cherry-picking, no manual curation.

✓

Automated daily checks
No manual intervention — runs whether we remember or not

✓

Machine-readable standards
0 assertions + 0 tests parsed from internal docs and verified against code

✓

Encrypted off-site backups
AES-256 encrypted, daily to Backblaze B2 with automated retention

SOC 2 Type II (in progress) ISO 27001 (planned) NIST SP 800-53

Automated compliance checks run daily at 02:00 UTC — last run 20 hours, 37 minutes ago