This document defines the strict data sovereignty and security framework governing the IraqRankings (IRAP) Audit System. As a forensic data controller, we are committed to the absolute confidentiality of proprietary business evidence while maintaining public transparency for compliance scores.
1
1. Data Acquisition Vectors
IRAP aggregates data through three distinct, verified channels:
Public Registry Ingestion: Automated retrieval of trade licenses and legal standings from Iraqi government databases.
Forensic Evidence Submission: Proprietary documents (financial audits, ISO certificates) voluntarily submitted by entities to the "Evidence Locker."
On-Site Field Data: Geotagged imagery and operational logs collected by IRAP auditors during physical inspections.
Public Registry Ingestion: Automated retrieval of trade licenses and legal standings from Iraqi government databases.
Forensic Evidence Submission: Proprietary documents (financial audits, ISO certificates) voluntarily submitted by entities to the "Evidence Locker."
On-Site Field Data: Geotagged imagery and operational logs collected by IRAP auditors during physical inspections.
2
2. Forensic Data Utilization
Collected intelligence is processed exclusively for the generation of the IRAP Integrity Score. Usage includes:
- Algorithmic calculation of Operational Stability Indices.
- Cross-referencing claims against government blacklists.
- Detecting pattern anomalies indicative of fraud or digital manipulation.
- Generating immutable audit trails for procurement officers.
3
3. Digital Telemetry & Session Integrity
We utilize secure session tokens and cryptographic telemetry solely to:
- Prevent unauthorized access to the Evidence Locker.
- Detect bot-driven manipulation of public rankings.
- Maintain audit trail continuity during data submission.
4
4. Data Sovereignty & External Interoperability
IRAP enforces a Strict Non-Disclosure policy.
We do not sell, trade, or leak corporate data to advertisers. Data is only shared with:
We do not sell, trade, or leak corporate data to advertisers. Data is only shared with:
- Judicial authorities (upon formal court order).
- The specific entity requesting its own file (Right of Access).
5
5. Entity Rights & Rectification
Registered entities retain ownership of their submitted evidence. Rights include:
- Right to Inspect: Requesting a full dump of the IRAP forensic file on your entity.
- Right to Rectification: Submitting updated evidence to correct obsolete scores (subject to re-audit).
- Right to Delisting: Requesting removal from the public registry (Red Listed entities excluded).
6
6. Immutable Audit Trails
To ensure the integrity of our rankings, all changes to a company’s score are logged in a permanent, read-only ledger. This prevents internal manipulation or bribery. Every score change is timestamped, signed by the auditor, and archived.
7
7. Military-Grade Encryption Standards
All submitted evidence is encrypted at rest using AES-256 standards. Data in transit is secured via TLS 1.3. The "Evidence Locker" operates on a Zero-Trust architecture, meaning even IRAP junior staff cannot access sensitive financial documents without senior authorization.
8
8. Corporate Eligibility Scope
The IRAP ecosystem is designed strictly for registered legal entities (B2B/B2G). We do not knowingly collect personal data from minors or unregistered individuals.
Compliance Inquiries?
For data governance inquiries, DPO (Data Protection Officer) contact, or to file a formal confidentiality grievance:
Contact Data Governance UnitThis protocol constitutes a binding agreement between the Entity and the IraqRankings Audit Authority.