Skip to main content
Public website
Public website surface Marketing and explanation content. This is not the canonical authenticated runtime.
Canonical runtime: app.identityfirst.net
Evidence-first

Evidence-first means the public story stays inspectable.

IdentityFirst uses the term evidence-first narrowly. On this website, it means a public claim should point to a public page, a public attestation, or a public status surface that a buyer can inspect without asking for private access.

Open the evidence register See trust & security

What we mean by evidence-first

This is a website discipline first: claim less, point to proof, and keep the proof public where possible.

Public claim, public source

If the site says something is live, read-only, in progress, or limited by maturity, the source should be a public page a buyer can open directly.

Verification path attached

A buyer should be able to click from a claim to the exact surface that supports it, then repeat that boundary in procurement or board language without embellishment.

No inflation around scope

Connector counts stay explicit, framework language stays at cross-reference level where that is the truth, and programme status stays qualified when work is still in progress.

What qualifies as evidence here

This section is deliberately conservative.

Included

Public product status, public trust wording, public connector catalog labels, and public attestations repeated on the site.

Not included

Private diligence packs, unpublished runtime data, internal implementation details, and roadmap promises that are not exposed on public pages.

What that means in practice

If a buyer cannot inspect it on a public surface from this site, it should not appear here as public proof.

Current public evidence surfaces

These are the website surfaces the register relies on today.

Product status

Public product stage labels and read-only operating boundary.

Open product status

Trust & security

Public trust statements, read-only guarantee language, and public company attestations.

Open trust page

Integrations

Explicit connector maturity counts and published catalog boundaries.

Open integrations

Evidence register

The structured list of key public claims, evidence source, and verification path.

Open register

Evidence-first includes language discipline.

Where the public truth is framework cross-reference support, we say that. We do not quietly turn that into certification, evidentiary guarantee, or audit-outcome language.

Findings cross-referenced to framework controls

ISO 27001 SOC 2 Type II NIST CSF CIS Controls DORA NIS2

The public claim is that MRI findings can be cross-referenced to these frameworks. Formal audit interpretation, certification outcomes, and stronger evidentiary workflows depend on written scope and the export path actually in use.

What the register covers now

8 public claims grouped into 6 evidence areas, each with a public verification route.

Product boundary

1 register entry with a public source and verification path.

Operating boundary

2 register entries with a public source and verification path.

Connector truth

1 register entry with a public source and verification path.

Reporting boundary

1 register entry with a public source and verification path.

Public attestation

2 register entries with a public source and verification path.

Programme status

1 register entry with a public source and verification path.

What this section does not pretend to be

Not a customer evidence room

Private customer reports, deployment-specific outputs, and diligence artefacts are outside public scope.

Not a substitute for written scope

Where stronger verification, exports, or governed write paths matter, the controlling source is the written scope and deployment model.

Not a roadmap proxy

The register records what is publicly stated now. It is not a place to imply unreleased breadth.

Use the register as the ceiling for public proof, not the starting point for a broader claim.