Assurance
What is assured is specific and testable: no foreign access path, no telemetry of intelligence value leaving the deployment, and a system that runs without CCC. A claim that has not been verified is described as attestable or demonstrable under test — never as proven.
Verified by an independent auditor, an independent escrow agent, and the customer’s own experts. Anyone can confirm that a running system matches CCC’s published, signed fingerprints, without access to source code.
No hidden access: no channel, including CCC’s own management tools, can reach past the encryption-and-verification gate. No leaky telemetry: what the system sends carries nothing of intelligence value; its format is published, and the customer can inspect it before it is sent. Breach of either is an automatic, contract-defined event that drops the deployment to its most locked-down setting. Both are things the customer can detect, not things CCC asserts.
An independent penetration test has been completed; a publishable third-party security audit scoped to the sovereignty claims is being commissioned. Certifications — SOC 2, ISO 27001, FIPS, Common Criteria — are shown as a dated roadmap, not as held.
Core methods are the subject of pending U.S. patent applications. Detailed detection, quarantine, and response logic remains proprietary, available for review under NDA.