Security and governance by design.

ClearAward is built as a multi-tenant SaaS platform with enforced data isolation, structured audit logging, and configurable governance controls from day one.

Designed to support professional bodies, education providers, corporate teams, and regulated organisations.

ARCHITECTURE FIRST

Multi-tenant architecture with enforced data isolation

ClearAward uses row-level security at the PostgreSQL database level to ensure complete separation between organisations.

Every query is automatically scoped to the user's organisation. There is no application-level bypass.

Super administrator access operates through a controlled “view as tenant” mechanism.

This approach prevents cross-organisation data exposure and supports scalable SaaS deployment.

AUTHENTICATION AND ACCESS CONTROL

Controlled access, role-based permissions

ClearAward supports multiple roles including super admin, admin, internal assessor, and external assessor. Permissions are tightly scoped:

Role-Based Permissions

  • External assessors see only assigned submissions
  • Visibility rules control which responses are visible per assessor type
  • Role enforcement is handled server-side

Multi-Factor Authentication

  • Mandatory MFA for admin and super admin roles
  • Configurable MFA policy for assessors
  • TOTP-based authentication compatible with standard authenticator apps
  • MFA enforcement validated on every request via middleware

Single Sign-On (SSO) (Enterprise)

  • SAML 2.0 SSO support
  • Domain-based SSO detection
  • Just-in-time user provisioning
  • Option to enforce SSO and disable password login

AUDIT LOGGING AND TRACEABILITY

Immutable audit logging across critical actions

Records structured events across:

  • Authentication
  • User management
  • Programme lifecycle
  • Form and rubric updates
  • Submission activity
  • Assessment scoring
  • Outcome decisions
  • Data exports
  • Security configuration
  • Subscription changes

Each audit record includes

  • Timestamp
  • User identity
  • Organisation context
  • Entity reference
  • Structured change details (where applicable)

Audit logs are insert-only. Update and delete operations are blocked by database policy.

This ensures traceability of key actions across the award lifecycle.

SECURE SUBMISSION HANDLING

Secure submission and assessment workflows

Applicants submit via hosted public pages with configurable access controls:

  • Fully public
  • Invite-only
  • Password-protected

Email verification uses time-limited one-time codes with rate limiting.

Draft submissions are securely stored and can be resumed via unique links.

File uploads are validated for allowed types and size limits, with filename sanitisation.

GDPR AND DATA GOVERNANCE

Built with data protection in mind

ClearAward supports

  • Organisation-level GDPR consent defaults
  • Per-programme consent overrides
  • Recorded consent timestamps per submission
  • Consent required before form submission

GDPR Data Governance Engine (Enterprise)

  • Configurable data retention periods
  • Automated soft-delete and hard-delete workflows
  • Data subject rights (DSR) handling
  • Retention audit trail

This supports lawful processing and structured data lifecycle management.

DATA EXPORT AND CONTROL

Transparent data access and reporting

Administrators can export programme data in:

  • JSON: machine-readable
  • Excel: multi-sheet structured export
  • PDF: professional reports

All exports are audit-logged with exporter identity and timestamps.

This supports reporting, stakeholder transparency, and compliance requirements.

COMPLIANCE ALIGNMENT

Aligned to recognised security frameworks

ClearAward's controls map to common compliance frameworks including:

  • SOC 2 Type II
  • ISO 27001:2022
  • Cyber Essentials PLUS
  • UK GDPR

Controls include:

  • Logical access restriction
  • Role-based permission enforcement
  • MFA and SSO
  • Secure configuration
  • Structured audit logging
  • Data isolation
  • Governance and consent controls

A detailed security baseline document maps implementation controls to framework requirements.

OPERATIONAL CONTROLS

Programme-level governance controls

To reduce operational risk, ClearAward enforces:

  • Publish readiness checks before programmes go live
  • Locked configuration once submissions are received
  • Scoring windows with enforced open/close periods
  • Structured outcome setting
  • Test mode with test data flagging and purge controls

These controls help prevent configuration drift and workflow errors during live award cycles.

Confidence in every phase

Award programmes involve reputation, fairness, and stakeholder trust.

ClearAward provides the structural controls, auditability, and isolation needed to run those programmes professionally.
