cifraHQ Enterprise
CIO / IT leadership

The security posture is in the schema. Integration through the same OpenAPI the UI uses.

What IT evaluates when approving an ERP — isolation, secrets, audit, API — you can read in code and SQL objects. It's not promised, it's configured.

Why cifraHQ for IT

The four pains of the IT director evaluating an ERP

  • SOC 2 posture that depends on the application. Most ERPs rely on application code to keep audit rows immutable, so an engineer with database access can rewrite history. cifraHQ applies DENY UPDATE/DELETE on AuditEvents to the SQL principals themselves; three principals per tenant (app_rw, audit_admin, readonly_investigator) separate the roles in a way an auditor can verify from the database catalog rather than from a code review.
  • Data isolation that can't be evidenced. A shared database where the boundary is a predicate (WHERE TenantId = ? in every query, or a row-level security policy) is hard to evidence in a serious compliance review. DB-per-tenant on Azure SQL elastic pools gives each client its own physical SQL database, with independent point-in-time backup and restore. An isolation fuzzer in CI exercises cross-tenant access paths on every commit and fails the build if any query crosses the boundary.
  • API that "exists" but isn't documented or versioned. The integrator promises REST and delivers an ad-hoc endpoint per customer request. cifraHQ publishes OpenAPI 3.0, the same spec the frontend consumes, with optimistic concurrency via RowVersion, PATCH-based auto-save, HMAC-signed webhooks and state transitions modelled as POST sub-resources.
  • Secrets in appsettings and jobs running in-process. Connection strings and keys in config files are an audit finding. Background work inside the web process is an availability risk. All secrets live in Azure Key Vault; Hangfire runs async work (tenant provisioning, daily FX rates, webhook delivery, email) off the request path.
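As an added example (not cifraHQ's own schema scripts), this is what the DENY claim above looks like as T-SQL objects in one tenant database, followed by the catalog queries an auditor would run and a proof-by-attempt. The principal and table names come from the page; the AuditEvents columns, the login-less users and the exact rights of audit_admin are assumptions.

```sql
-- Added example, not cifraHQ's own scripts. Principal and table names follow the
-- page; the AuditEvents columns and the WITHOUT LOGIN users are assumptions.
CREATE USER app_rw                WITHOUT LOGIN;
CREATE USER audit_admin           WITHOUT LOGIN;
CREATE USER readonly_investigator WITHOUT LOGIN;

CREATE TABLE dbo.AuditEvents (
    AuditEventId bigint IDENTITY(1,1) PRIMARY KEY,
    OccurredAt   datetime2(3)  NOT NULL DEFAULT SYSUTCDATETIME(),
    ActorId      nvarchar(128) NOT NULL,
    Action       nvarchar(64)  NOT NULL,
    Payload      nvarchar(max) NULL
);

-- Append-only for the application: it can add rows and read them, never rewrite them.
GRANT INSERT, SELECT ON dbo.AuditEvents TO app_rw;
DENY  UPDATE, DELETE ON dbo.AuditEvents TO app_rw;

-- Investigators read only; audit_admin reads too (retention/export rights are
-- an assumption left out of this example).
GRANT SELECT ON dbo.AuditEvents TO readonly_investigator;
DENY  INSERT, UPDATE, DELETE ON dbo.AuditEvents TO readonly_investigator;
GRANT SELECT ON dbo.AuditEvents TO audit_admin;
DENY  UPDATE, DELETE ON dbo.AuditEvents TO audit_admin;

-- Auditor check 1: the DENY rows exist in the catalog, independent of any app code.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class_desc = 'OBJECT_OR_COLUMN'
  AND pe.major_id = OBJECT_ID('dbo.AuditEvents')
ORDER BY pr.name, pe.permission_name;

-- Auditor check 2: none of the three principals is a member of db_owner. Members of
-- db_owner and sysadmin bypass permission checks, so a DENY would not stop them.
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';   -- expected: none of app_rw, audit_admin, readonly_investigator

-- Proof by attempt (run as an admin with IMPERSONATE rights): act as the app
-- principal and try to rewrite history. Expected: error 229, "The UPDATE permission was denied".
EXECUTE AS USER = 'app_rw';
BEGIN TRY
    UPDATE dbo.AuditEvents SET Payload = NULL WHERE AuditEventId = 1;
    SELECT 'CONTROL FAILED: update succeeded' AS result;
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;
REVERT;
```

The second catalog query is the one a reviewer should insist on: DENY overrides GRANT for ordinary principals, but it does not bind members of db_owner or the sysadmin server role, so "an engineer with database access" can still rewrite history if that access is db_owner. The control holds only when the elevated path is separately locked down and logged.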
What IT gains

Three concrete mechanisms

Isolation

DB per tenant

Physical SQL database per client on Azure elastic pools. Backup, restore and clean offboarding per tenant. CI isolation fuzzer validates the boundary on every commit.

API

Public OpenAPI 3.0

The spec the UI consumes is the one you consume. RowVersion concurrency, PATCH auto-save, state transitions as POST sub-resources, HMAC webhooks.
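Added example (not cifraHQ's code) of what RowVersion concurrency means at the SQL layer when two PATCH auto-saves race on the same record. The Invoices table and its columns are assumptions; the mechanism, a rowversion column compared in the WHERE clause, is the one the page names.

```sql
-- Added example, not cifraHQ's code. The Invoices table and its columns are assumed;
-- the rowversion column is maintained by the engine and changes on every write.
CREATE TABLE dbo.Invoices (
    InvoiceId  int IDENTITY(1,1) PRIMARY KEY,
    Status     nvarchar(32)  NOT NULL,
    Notes      nvarchar(max) NULL,
    RowVersion rowversion    NOT NULL
);
INSERT INTO dbo.Invoices (Status) VALUES (N'Draft');

-- Two clients GET the same invoice; both receive the current RowVersion (the API's ETag).
DECLARE @rvA binary(8) = (SELECT RowVersion FROM dbo.Invoices WHERE InvoiceId = 1);
DECLARE @rvB binary(8) = @rvA;

-- Client A's PATCH lands first: the version still matches, exactly one row changes.
DECLARE @rowsA int;
UPDATE dbo.Invoices SET Notes = N'reviewed by A'
WHERE InvoiceId = 1 AND RowVersion = @rvA;
SET @rowsA = @@ROWCOUNT;   -- 1

-- Client B's PATCH carries the stale version: zero rows match, nothing is overwritten.
-- The API layer turns a zero row count into HTTP 409 Conflict instead of a silent lost update.
DECLARE @rowsB int;
UPDATE dbo.Invoices SET Notes = N'reviewed by B'
WHERE InvoiceId = 1 AND RowVersion = @rvB;
SET @rowsB = @@ROWCOUNT;   -- 0

SELECT @rowsA AS rows_updated_by_A, @rowsB AS rows_updated_by_B, Notes, RowVersion
FROM dbo.Invoices WHERE InvoiceId = 1;
```

The check an integrator should make is that every write path, including the auto-save PATCH, carries the RowVersion it last read and treats a 409 as "re-fetch and merge", never as "retry without the version".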

Operations

Key Vault + Hangfire

Secrets out of the code and config; async work off the request path. Exponential-backoff retries per job category; webhook delivery log visible.

What IT can ask for and receive

The technical review package

  • Public OpenAPI 3.0 spec. The full contract, the same one our frontend uses. A sandbox lets you test integration flows without touching your production tenant.
  • Security questionnaire answered. SIG Lite, CAIQ or whatever format your vendor review uses. We respond with pointers to concrete controls (CC6.1, CC7.2, CC8.1, A1.2, P1/P3), not generalities.
  • Isolation fuzzer demo. The CI test that exercises cross-tenant access. We show the pipeline, the tests and the last build's result.
  • Provisioning architecture. The Hangfire saga (create DB → migrate schema → seed COA → blob → admin → email). How a new tenant is onboarded and how a departing client is offboarded.
  • Per-tenant health dashboard. Metrics per tenant — DTU used, storage, failed Hangfire jobs, last deploys. Wirable into Azure Monitor for alerts.
  • Deployment policy. Signed CI/CD pipeline; versioned schema migrations; every deploy registered in CiferaHQ_master. Rollback audited.

Talk to sales for IT

We'll answer SIG Lite, share the public OpenAPI and walk your team through the architecture in a 45-minute session.

Schedule a technical review