Rimark Technology Inc. operates solnet, a permissioned validator platform for consortium-style settlement networks. Security is foundational to that mission. This page summarizes the practices that protect the platform.
Our approach
- Encryption everywhere. Data at rest is encrypted with customer-managed keys backed by an HSM-grade key vault. Administrative and monitoring sessions are protected with strong TLS.
- Least-privilege access. Every operator has a unique, named account. Multi-factor authentication is required on all systems. Access follows the principle of least privilege and is reviewed quarterly.
- Network isolation. Validator nodes run in an isolated network with no public IP exposure and no peering to other environments.
- Change control. All infrastructure and code changes go through reviewed, version-controlled pull requests with required second-person approval before reaching production.
- Continuous monitoring. Infrastructure logs, audit events, and platform health are centrally collected and alerted on. We use Vanta for continuous security control monitoring.
- Incident response. We maintain a documented Incident Response Plan with defined severities, response times, and post-incident review.
Compliance
Rimark is pursuing SOC 2 (Security, Availability, Processing Integrity, Confidentiality) attestation. Our examination is conducted by Sensiba LLP. The platform relies on Microsoft Azure as its infrastructure subservice organization under the carve-out method.
Reporting a security issue
If you believe you have found a security vulnerability or have a security concern, please contact us at security@rimark.io. We aim to acknowledge reports promptly and will work with you on responsible disclosure.
Last reviewed: June 2026.