Application
Origam access model is based on three-level security model consisting of users, roles and permissions. Once you define your permissions they automatically work everywhere. E.g. when you define row-level-security so the user can only see records of her organization those records appear in any screen, drop-down field or through an API call. For more information see Authorization.
Data change auditing
No matter through which functionality you change the data (a screen, sequential workflow, API call) - the changes in the data will always get audited. For more information see here.
Example
Built-in user management:
Communication
No matter which stack is used to run Origam, HTTPS is the default protocol. Incoming connections are handled by the stack, outgoing connections from workflows support TLS 1.2.
API permissions
Origam provides means to control which API methods each user role can access.
Data
Origam encrypts only user passwords. It uses an implementation of adaptive hasher.
In case of using MS SQL Server in the stack it is possible to use its Always Encrypted feature.