Benefits · Security & sovereignty
Your requirements — your cloud, your country, your control
Requirement data can be classified, commercially sensitive, security-critical, or indirectly personal. Qrendo req:ai is built for organisations where a generic SaaS deployment is not enough. The platform can run in a controlled European or country-specific cloud environment — or on-premise for customers with higher security and sovereignty requirements.
Today's risks
Sensitive requirement data leaves your control: Requirements, risks, incidents, and verification evidence may reveal business-critical processes, system weaknesses, supplier dependencies, or security-sensitive information.
Foreign cloud dependency creates sovereignty risk: Using global cloud and AI services can introduce uncertainty around data location, legal jurisdiction, subprocessors, and long-term strategic control.
Generic SaaS does not fit every security model: Some organisations require on-premise deployment, national data residency, dedicated infrastructure, or strict separation from other customers.
Weak access control increases operational risk: Shared documents and broad permissions make it harder to prevent accidental edits, unauthorised access, uncontrolled exports, and unclear accountability.
How Qrendo req:ai addresses it
Deployment options for European, national, or on-premise control
Qrendo req:ai can run in Europe, in a specific country where required, or on-premise for customers with stricter security needs. This gives organisations control over where requirement data is stored, processed, and operated.
Dedicated customer environments
Each customer can run in a fully separated environment, not as part of a shared multi-tenant platform. Data, users, and configuration are isolated per installation.
Role-based access control (RBAC)
Project permissions are built as named permission groups per project — admin-defined packages covering read, export, import, review, finalize, change management, V&V, AI analysis, and more. Least privilege becomes operational, not just on paper.
Classification levels per project
Project classification levels can be assigned to requirements, sources, imports, and risks, so labelling follows the same taxonomy across the entire requirements base.
Audit trail and logged API access
Per-entity changelog supports audit responses and governance reporting. API tokens log usage, important for tool-chain integrations without spreading credentials.
Concrete outcomes
A clear data-sovereignty story for procurement: you can specify where data is stored and processed.
Fewer accidental changes and access incidents thanks to granular, role-based permissions.
Evidence for audits and governance: every change is logged with user, timestamp, and context.
Air-gap and migration support: export projects as structured ZIP archives and reimport to isolated environments.