Security events. One operation.Sealed perimeter.
Security events live beside safety on one connected operation — the same record, the same doors, the same closure discipline. The difference is the perimeter: sensitive fields are kept sealed by the database, even from the AI assistant, for anyone without clearance.
Learn one record once.
Open it anywhere.
A security event opens on the same doors as every occurrence. Master the record once, and you know every module — one detail surface across the platform.
Sensitive stays sealed.
Even from the assistant.
Three sensitivity tiers, each with explicit clearance grants. A record above your clearance never reaches your queue, your alerts, or the AI assistant — it fails closed, across roles and across organisations.
- ProtectedCleared security populationRoutine security records, visible to the security team under their access scope.
- RestrictedNamed clearances onlySensitive events surfaced only to roles granted an explicit clearance.
- ConfidentialHighest clearance onlyClosed-hold records. Invisible in queues, alerts, and the AI assistant for everyone else.
A security event
can’t close on faith.
Security events inherit the same enforced governance as safety. Closing one means passing the gates — not flipping a status field.
Breach and hazard,
one record.
- When a breach is also a hazard.One record, linked across safety and security.
A perimeter breach that creates a runway-incursion hazard is a single record, linked both ways. Each team works it under their own scope; the sensitive security fields stay sealed inside the security perimeter.
- When you set the severity.The officer decides; the AI offers a second opinion.
From the threat, vulnerability and impact on the record, the AI assistant proposes a level. Your security officer accepts, adjusts, or overrules it. The level on file is always a person’s call, with the reasoning beside it.
- When you trace the connection.Caused-by, mitigated-by, documented-in.
Linked records carry their relationship: the hazard a breach caused, the action that mitigated it, the controlled procedure it documents. The connection is a fact on the record, not a note in a margin.
- When the amendment lands.The change finds what it touches.
An Annex 17 amendment flows into the requirements, procedures and training it affects, so you see what has to change — instead of re-reading every document to guess.
The right post-holder.
Nothing leaked.
A single urgency-scored queue routes security items to the role that owns them — delegation- and confidentiality-aware. Notifications respect the same perimeter.
- RequiredResponsible post-holderHigh-severity security items routed to the role that owns them, urgency-scored to the top.
- RecommendedOwner or delegateItems that need attention soon — delegation-aware, so cover does not mean a dropped ball.
- WatchCleared roles onlyLower-urgency items kept in view. A record you can’t see never reaches your queue or your inbox.
Security isn’t
a side system.
Security events link into the operational records that surround them — with the sensitive fields kept sealed inside the security perimeter the whole way.
See the perimeter hold.
Watch an event close.
Walk a confidential security event through the doors, the closure gates, and the queue — with the founder, on your data shape, in 30 minutes.