What we have written down.
Two kinds of documents. Whitepapers for procurement, audit, and architecture review. Notes for senior readers thinking through the same problems we are. Both are written by the people building the platform, not by a marketing team.
For procurement, audit, and architecture review.
Procurement-grade documents. Architecture, policy, posture. Versioned. Citable. Available on request until they are published here.
The BIPA technical paper
The schema is the contract. The compiler enforces it. How Kwerio compiles a single declarative schema into the database, the API, the UI, and the governance enforcement, together.
The seven public policies
Backup and disaster recovery. Data residency. Access control and segregation of duties. Encryption. Multi-tenant isolation. Audit trail and tamper-evidence. Incident response. Documented in detail, available to any procurement team that asks.
Compliance posture
GDPR by design. NIS2-aligned. Architected for the EU AI Act. DORA where it applies. What the architecture commits to, and what it does not.
Security architecture brief
Threat model, encryption posture, key management, multi-tenant isolation. The procurement-grade security brief. Sent to procurement and audit teams on request.
For senior readers thinking through the same problems we are.
Shorter pieces. Strategic and provocative, not aggressive. Drawn from what we see across the operations we run.
The shadow IT closing the month
Walk into any company running a modern ERP. Ask the finance team how they actually close the month. The people building those workarounds are not the problem. They are solving one.
Your AI agent just made a decision. Who owns it?
A vendor passes onboarding. The agent approves the contract. The CFO signs nothing. The auditor asks who the responsible party is. The platform has no answer that is not aspirational.
An AI agent just showed up to buy from you
Procurement is no longer a human-only conversation. Identity, mandate, and accountability for an AI buyer are not solved by your existing KYC stack. The question is who you are dealing with, not what.
What advisory firms are actually selling
They are selling accountability transfer, not analysis. The shape of the engagement, the pricing model, and the deliverable all support that single thesis. The question is what survives when accountability becomes structural.
Your encrypted contracts may already be compromised
Quantum is not a future risk for procurement and audit. Harvest-now-decrypt-later means the supplier contracts you signed last year are already in someone's archive. The question is what your retention policy assumes about that.
Need any of these now?
The whitepapers are written. They are not yet published on this site. Procurement and audit teams who need a copy before that happens can request the latest version directly. We send within a day.
For the notes, the published versions live on LinkedIn. The refactored versions on this site will follow.
Request a copy