Security
Security controls for a practical procurement MVP.
ProcureDesk PK uses simple, auditable controls suitable for the MVP workflow. Production deployments should add organization-specific policies, backups, monitoring, and storage controls.
Email and password authentication with hashed passwords
Signed HTTP-only session cookies for dashboard access
Role-based access for Admin, Requester, Procurement Officer, and Approver
Secure tokenized quote links for vendor quotation submission
Server-side validation with Zod for core forms and quote submissions
Activity logging for important procurement actions
Database-backed audit history for approvals and quotation decisions