Security Overview

Socotra is committed to providing a secure platform for modern insurance operations. Our security model is built to protect sensitive policyholder data, support enterprise governance, and align with industry best practices — all without compromising flexibility for development, configuration, and integration.

This section of the documentation provides a comprehensive look at the security architecture, features, and tools available to product owners, developers, and administrators across the platform.

Who Should Read This

This documentation is relevant to:

  • Security and compliance teams

  • Developers and system integrators

  • IT administrators and tenant operators

  • Product owners and data governance leads

Core Principles

We approach security with the following principles in mind:

  • Least Privilege by Default - Users should be assigned only the permissions strictly necessary to complete their work.

  • Auditable and Transparent - Every significant system action is logged and traceable.

  • Configurable and Enforceable - Security controls are flexible enough to meet tenant-specific needs while maintaining baseline protections.

  • Defense in Depth - Multiple layers of controls, from authentication and encryption to data masking and anonymization.

Topics Covered

This section includes detailed documentation on the following topics:

  • Authentication and Identity - Overview of supported authentication methods, including native login, SSO, and Personal Access Tokens.

  • Role-Based Access Control (RBAC) - Tenant-specific roles and permissions to control access across UI, API, and data layers.

  • Comprehensive Permissions Listing - A complete overview of all available permissions in the Socotra Insurance Suite.

  • Personal Access Tokens - A secure alternative to password-based authentication for software integrations, scripts, and AI agents.

  • Audit Logging - Full visibility into changes made by users and automated processes for traceability and governance.

  • Secure Deployment - Guidance and tooling to ensure secure deployment of code and infrastructure across environments.

  • Encryption - Overview of encryption at rest and in transit, including encryption protocols and secrets management.

  • Password Policies - Configurable password policies, mandatory password policies, and best practices for password management.

  • Security Standards and Regulations - Security standards, certifications, and regulatory requirements that support your security obligations.

Next Steps

Start with Authentication and Identity, or skip directly to the areas most relevant to your team.

For any security-related support or inquiries, reach out to your Socotra representative or email security@socotra.com.

If you haven’t already done so, make sure you’re able to log in to Socotra and have set up Postman to use the Socotra API.