| 01 |
Data in transit protection |
TLS on all external traffic to and from the appliance dashboard. On-premise dashboard-to-LAN traffic is protected by the customer's network controls. The appliance does not initiate outbound traffic to Arsenale unless explicitly configured for the signed update channel. |
IN PLACE |
| 02 |
Asset protection & resilience |
Customer-owned hardware on customer premises. No Arsenale-controlled storage of customer operational data. Resilience is the customer's deployment choice (single appliance, paired appliances, or offline backup). The product does not require continued Arsenale availability to operate. |
IN PLACE |
| 03 |
Separation between users |
The appliance is single-tenant by hardware. Each customer operates their own physical unit. There is no shared infrastructure between customers, and therefore no logical-separation challenge typical of multi-tenant cloud platforms. |
STRUCTURAL |
| 04 |
Governance framework |
Documented Information Security Posture (ISO 27001-aligned), Data Classification Policy, vulnerability disclosure process, and incident response procedure. Director-level accountability. Available to procurement under NDA. |
IN PLACE |
| 05 |
Operational security |
Cryptographically signed update channel; tamper-evident audit log with per-unit HMAC chain; minimal exposed network surface; published vulnerability-disclosure SLA (acknowledge within 5 business days, assess within 10, default 90-day coordinated window). |
IN PLACE |
| 06 |
Personnel security |
Engineer Day-One Briefing covers information security, ethical conduct, and modern-slavery awareness, with signed acknowledgement. UK right-to-work checks for all engaged personnel. Currently a sole-Director operation; controls scale with headcount. |
IN PLACE |
| 07 |
Secure development |
Source code in local git repositories on company-controlled hardware. No GitHub or GitLab. Update packages cryptographically signed before release. No external CI/CD service has access to source code. |
IN PLACE |
| 08 |
Supply chain security |
Subprocessors disclosed below on this page and reviewed annually. Hardware sourced from established suppliers in Tier-1 manufacturing jurisdictions; modern-slavery exposure assessed at /modern-slavery. Open-source dependencies tracked in the supplier file. |
IN PLACE |
| 09 |
Secure user management |
Customer-controlled identity model on the appliance. Per-unit cryptographic secrets; no shared default credentials across the fleet. Account creation, role assignment, and offboarding remain entirely with the customer. |
IN PLACE |
| 10 |
Identity and authentication |
Local authentication on the appliance dashboard at first boot. Customer identity-provider integration (SAML/OIDC) is on the roadmap; current deployments use shared-secret or LAN-restricted access patterns. No Arsenale-side identity service to compromise. |
PARTIAL |
| 11 |
External interface protection |
The appliance exposes only the dashboard and the agent endpoints. No remote management daemon, no inbound SSH on by default, no service the customer did not enable. Default posture is air-gap-capable; remote access is opt-in across four documented options (managed tunnel, VPN tunnel, LAN-only, BYO domain). |
IN PLACE |
| 12 |
Secure service administration |
No remote administration by Arsenale once the appliance is delivered. Customers administer the appliance themselves through the local dashboard or via the customer-chosen remote access option. No vendor backdoor; no remote kill-switch. |
IN PLACE |
| 13 |
Audit information for users |
Tamper-evident audit log records every licence event, activation, and policy-relevant action. Per-unit HMAC chain; modifying or deleting any row breaks the chain and is detectable on inspection. The log is exportable by the customer at any time. |
IN PLACE |
| 14 |
Secure use of the service |
Customer documentation includes secure-configuration guidance, the four remote-access options with their explicit trade-offs (see Remote access section above), and update procedures. Five years of security patches included in the base price; security is not behind the optional annual licence. |
IN PLACE |