| Domain | Control objective | Control | Evidence | Review frequency |
|---|---|---|---|---|
| Governance | Segregate operational duties across credit lifecycle roles. | Role-based access permissions and workflow stage ownership. | User role mapping, permission assignments, and event history. | On user change |
| Governance | Enforce maker-checker control for key approvals. | Workflow routing and delegated authority checkpoints. | Approval sequence and actor trace in workflow logs. | Per decision |
| Governance | Maintain accountable case ownership. | Case linkage and ownership model for operational records. | Case register and linked communication records. | Continuous |
| Security | Protect in-transit data confidentiality. | HTTPS/TLS transport requirement. | Environment configuration and endpoint access policy. | Continuous |
| Security | Limit privileged operational access. | Restricted administrative account access and controlled permissions. | Admin account review and access history. | Monthly |
| Security | Prevent unauthorized data actions. | Authenticated user sessions with permission checks per view/action. | Application access logs and denied-action records. | Continuous |
| Audit | Reconstruct credit decisions end to end. | Credit workflow events, rating outputs, and decision records. | Application audit trail and decision artefacts. | Per decision |
| Audit | Track client communications and follow-through. | Notification stream and task assignment records. | Notification ledger and task status history. | Daily |
| Audit | Preserve operational traceability for repayments. | Repayment schedule, allocation, and servicing event records. | Ledger and allocation history extracts. | Per transaction |
| Resilience | Support recoverability from data disruption events. | Routine backup and restore process. | Backup execution logs and restore validation evidence. | Daily |
| Resilience | Maintain stable production operations. | Monitoring and incident handling workflow. | Incident records and operational review notes. | Continuous |
| Resilience | Reduce change-related deployment risk. | Version-controlled code change and review process. | Commit history and release trail. | Per release |
| Privacy | Collect and process only required operational data. | Structured field capture and role-scoped data access. | Schema and permission review records. | Quarterly |
| Privacy | Support user-level accountability for data handling. | User-linked actions and timestamped workflow events. | Event logs with actor and time metadata. | Continuous |
| Privacy | Maintain governance-ready privacy posture. | Policy-aligned access design and control review framework. | Internal control review documentation. | Quarterly |