Security approach

Security built into the awards workflow

Protect program access, client roles, sensitive resources and platform administration through layered controls.

01

Identity before access

Protected areas require authenticated identity before the application evaluates the user's program membership and role.

02

Role-based authorisation

Judges, committee administrators and platform support users receive different permissions and destinations.

03

Stronger privileged access

Developer and platform-support functions require MFA and shorter sessions because they carry greater operational risk.

04

Client isolation

Client program data, resources and configuration are designed to remain separated from unrelated tenants.

Access controls

Layered checks before protected content is returned

KumulAwards combines an identity-aware gateway with application checks so authentication alone does not automatically grant access to every portal.

Layer 1 Cloudflare Access

Authenticates the user and applies application policy.

Layer 2 Signed-token validation

Verifies issuer, audience, signature and expiry.

Layer 3 Program membership

Confirms the user belongs to the requested tenant.

Layer 4 Role authorisation

Limits access to the correct portal and resources.

Auditability

Important actions should leave a record

Access decisions, role changes, deployment records, backups and other sensitive operations can be recorded for later review.

Recovery

Backups should be verified, not assumed

Production recovery packages should include source code, configuration, database exports, resources and integrity hashes.

Data handling

Private program information remains restricted

Public pages should never expose private users, tokens, submissions, internal storage details or direct application endpoints.

Honest claims

Security statements must match the real implementation

KumulAwards will not claim certifications, guarantees or compliance standards that have not been independently verified.

Responsible disclosure

Report a security concern

Security reporting instructions will be published before public production launch.

Contact KumulAwards