Security
Built for regulated Azure operations.
Spot IPAM is part of Spot Suite, operated by Spot Cloud B.V. in the EU. Each customer gets an isolated environment with its own Worker, database, and storage.
-
Spot Suite OIDC
Sign in with Microsoft Entra ID SSO, passkeys, or authenticator-app MFA. Tokens carry org_id and Environment role claims.
-
Dedicated isolation
Each customer environment runs its own Cloudflare Worker, own D1 database, and own storage. No shared database between customers.
-
Tenant-scoped access
Users see only the Entra tenants and address spaces their Environment role permits. Collectors are scoped per tenant.
-
EU data residency
Spot IPAM runs on Cloudflare Workers with D1 storage in the EU, operated by Spot Cloud B.V.
-
Reader-only collectors
Service principals hold Reader rights on customer subscriptions — no write access, no Owner or Contributor role.
-
Immutable audit log
Every allocation records requester, approver, and tenant context. Entries cannot be modified after write.
-
Control mapping: ISO 27001 · DORA · GDPR
Platform controls are mapped to ISO 27001:2022, DORA, and GDPR. Audit evidence and the control-mapping pack are shared under NDA — formal SOC 2 or ISO certifications are not claimed.
-
ISO 27001 evidence
Export the address-space register for network segregation reviews under ISO 27001 control A.8.20.
Review our security posture in a demo.
Walk through isolation architecture, collector permissions, and audit log exports with our team.