Security at Rimark

Rimark Technology Inc. operates solnet, a permissioned validator platform for consortium-style settlement networks. Security is foundational to that mission. This page summarizes the practices that protect the platform.

Our approach

  • Encryption everywhere. Data at rest is encrypted with customer-managed keys backed by an HSM-grade key vault. Administrative and monitoring sessions are protected with strong TLS.
  • Least-privilege access. Every operator has a unique, named account. Multi-factor authentication is required on all systems. Access follows the principle of least privilege and is reviewed quarterly.
  • Network isolation. Validator nodes run in an isolated network with no public IP exposure and no peering to other environments.
  • Change control. All infrastructure and code changes go through reviewed, version-controlled pull requests with required second-person approval before reaching production.
  • Continuous monitoring. Infrastructure logs, audit events, and platform health are centrally collected and alerted on. We use Vanta for continuous security control monitoring.
  • Incident response. We maintain a documented Incident Response Plan with defined severities, response times, and post-incident review.

Compliance

Rimark is pursuing SOC 2 (Security, Availability, Processing Integrity, Confidentiality) attestation. Our examination is conducted by Sensiba LLP. The platform relies on Microsoft Azure as its infrastructure subservice organization under the carve-out method.

Reporting a security issue

If you believe you have found a security vulnerability or have a security concern, please contact us at security@rimark.io. We aim to acknowledge reports promptly and will work with you on responsible disclosure.

Last reviewed: June 2026.