Security

Security controls that support real workflows.

Reduce risk without slowing teams down. Cohessra uses role-based access and secure authentication patterns designed for practical, day-to-day use.

At a glance

The highlights buyers and security reviewers typically check first.

Access control

Roles and permissions help ensure users only see what they should.

Authentication

MFA-supported sign-in to reduce account takeover risk.

Data protection

Practical controls to keep sensitive client context in the portal, not email.

Auditability

Clear structure supports oversight and review of sensitive workflows.

Security principles that map to real controls.

A high-level overview for procurement and security review—written to be specific and avoid overpromising.

Least privilege by default

Access is designed around roles so teams can limit who can view or manage sensitive data and workflows.

Secure authentication

Sign-in workflows can be protected with MFA where available, helping reduce account takeover risk.

Privacy-first handling

We aim to keep data handling purposeful and limited to what is needed to deliver the service.

Role-based access control (RBAC)

RBAC helps organizations align permissions to responsibilities. Examples below are illustrative and may vary by deployment and configuration.

Admin (illustrative)

  • Manage users, roles, and locations
  • Configure billing settings
  • View high-level operational health

Billing (illustrative)

  • Create and manage invoices
  • Monitor payment status
  • Handle subscription-related workflows

Staff (illustrative)

  • Use assigned workflows needed for daily operations
  • Access client messages or scheduling where enabled
  • Operate within assigned permissions

Protecting data in day-to-day use

Controls are designed to support secure, practical workflows—especially when messaging and attachments are involved.

Transport and storage

Cohessra is designed to use encrypted transport and secure storage practices appropriate to the service. Customers can request additional documentation during procurement.

Attachments and sharing

When file uploads and attachments are enabled, the goal is to keep sensitive sharing inside a controlled portal experience rather than inbox threads.

Operational controls

Role-based permissions and authentication controls help reduce accidental exposure and support accountability within teams.

Designed to support compliance programs

Many customers operate under industry or regional requirements. We aim to support compliance programs, but each customer is responsible for evaluating fit with their specific obligations.

HIPAA: BAA workflows can be supported where applicable, subject to executed agreements.
GDPR: privacy practices are designed to support lawful processing and customer requirements.
SOC: security-oriented controls and documentation can support SOC 2-aligned review requests during procurement.

Common security questions we can cover

If you’re gathering materials or preparing for a review, these are the topics teams typically ask about first.

Access control and roles

How RBAC works, what roles can do, and how to keep permissions aligned to responsibilities.

Authentication and MFA

Sign-in flows, MFA expectations, and the recommended setup to reduce account takeover risk.

Data handling and sharing

How the portal keeps sensitive context out of email threads—especially for messages and attachments.

Vendor review materials

What documentation we can provide during procurement and how we scope requests to your deployment.

Need security materials for your review?

Book a demo and we’ll provide the right materials for your evaluation process.