Our default is open standards. Deviations are justified (explain) and minimized. This accelerates integrations, reduces lock-in, and simplifies audits.
JSON/REST, OpenAPI, CSV/Parquet where relevant
OIDC, SAML, OAuth 2.0, JWT
TLS 1.2+, HTTPS, HSTS
SPF, DKIM, DMARC; optional DNSSEC
PDF/A, CSV/ODS; machine-readable exports
IPv6-ready where applicable
• We apply open standards if they are on the list or de facto industry standards.
• We document deviations with reason, impact, and mitigation.
• Annual review in the Open Standards Register (internal reference).
If a third-party system requires closed formats, we provide an export layer (mapping, conversion).
For legacy integrations, we publish a migration path with timeline.