Assurance

Verify, don’t trust.

What is assured is specific and testable: no foreign access path, no telemetry of intelligence value leaving the deployment, and a system that runs without Constellation Computing Company.

What is verified, and by whom

  • Independent architecture review and penetration testing for any backdoor or kill switch.
  • Network and data-flow analysis confirming nothing routes out for the system to function.
  • An independent escrow agent’s run-without-CCC build-and-run test.
  • Title records confirming no Constellation Computing Company lien.

Verified by an independent auditor, an independent escrow agent, and the customer’s own experts. Anyone can confirm that a running system matches Constellation Computing Company’s published, signed fingerprints, without access to source code.

Two warranties the customer polices directly

No hidden access: no channel, including Constellation Computing Company’s own management tools, can reach past the encryption-and-verification gate. No leaky telemetry: what the system sends carries nothing of intelligence value; its format is published, and the customer can inspect it before it is sent. Breach of either is an automatic, contract-defined event that drops the deployment to its most locked-down setting. Both are things the customer can detect, not things Constellation Computing Company asserts.

Certification

Independent penetration test available for review. Certifications — SOC 2, ISO 27001, FIPS, Common Criteria — can be commissioned per implementation.

Intellectual property

Core methods are the subject of pending U.S. patent applications. Detailed detection, quarantine, and response logic remains proprietary, available for review under NDA.

Request the verification & certification method Request the Security & Verification whitepaper