Infrastructure

Overview

Internal document security controls: malware scan, encryption, rate limits, and GCS reconciliation.

Documents pass malware scanning on upload. (UAT-C-COMM-DOC-004)
Sensitive text fields use encryption at rest. (UAT-C-COMM-DOC-007)
Rate limits protect public ingestion endpoints. (UAT-C-COMM-DOC-006)
Workers reconcile storage with database metadata. (UAT-C-COMM-DOC-003)
Review the audit trail on the record. (Expected: activity event with actor and timestamp.) (UAT-C-COMM-DOC-002)
If access is denied, verify module activation at tenant and company level before retrying. (UAT-C-COMM-DOC-005)

Operational concerns—configured by platform admins.

Key	Title	Module	Docs impact	Summary	Risk	UAT
`communication.documents.audit-redaction`	Audit Log Filename Redaction for PII Protection	documents	optional	Audit Log Filename Redaction for PII Protection	medium	UAT-C-COMM-DOC-004
`communication.documents.gcs-lifecycle-iam`	GCS Lifecycle Policy and IAM Role Enforcement	documents	optional	GCS Lifecycle Policy and IAM Role Enforcement	high	UAT-C-COMM-DOC-007
`communication.documents.gcs-reconciliation`	GCS-DB Reconciliation Worker for Data Alignment	documents	optional	GCS-DB Reconciliation Worker for Data Alignment	high	UAT-C-COMM-DOC-006
`communication.documents.malware-scan`	Malware Scan Enforcement for Document Upload	documents	optional	Malware Scan Enforcement for Document Upload	high	UAT-C-COMM-DOC-003
`communication.documents.rate-limiting`	Upload Rate Limiting for Document Security	documents	optional	Upload Rate Limiting for Document Security	medium	UAT-C-COMM-DOC-002
`communication.documents.text-encryption`	Extracted Text Encryption with AES-256-GCM	documents	optional	Extracted Text Encryption with AES-256-GCM	high	UAT-C-COMM-DOC-005