Protection questions from IT leads, compliance and survey questions from DPAs and superintendents, deployment and commercial questions from owners and procurement — answered honestly, in plain English. If yours isn't here, ask. We publish the answer within one business day.
Yes — that's the design intent. Navis Arca produces the live, evidenced posture against IACS UR E26 and UR E27 that a surveyor from DNV, ABS, Lloyd's Register, Bureau Veritas, ClassNK, RINA, KR (and other IACS members) is looking for. The coverage PDF you export is the artefact the surveyor takes away. Procedural evidence (SMS revisions, training, drills) remains your team's responsibility — and our exports plug straight into that documentation.
Yes. TMSA 3 Element 13 controls — endpoint protection, removable media, access control, vulnerability management, audit log, and the rest — are pre-mapped to the same agent telemetry. You generate a vetting-ready PDF in two clicks: pick "TMSA 3" + the vessel, download. The same evidence base also covers BIMCO V5 and IMO MSC.428(98) so the next charterer or port-state inspector gets the same level of detail in their preferred format.
The headline four — pre-mapped, live evidence, two-click PDF export:
Beyond those, Navis Arca also covers:
See the full coverage matrix for the per-framework tier (live, coverage-ready, or aligned).
A polished, signed PDF coverage report — typically 15–40 pages depending on framework — listing every applicable control, the live evidence behind it, the per-vessel score, and any open gaps with the corrective action attached. It's drafted in the language inspectors expect, not marketing copy.
Good — that's what IMO Resolution MSC.428(98) requires. Navis Arca produces the operational evidence flag-state and port-state inspectors look for to verify that your SMS cyber clauses are actually being executed, not just documented. The coverage exports drop into your DOC verification pack with no rework.
For the technical-evidence side of every framework, yes. The platform produces the artefacts a consultancy would charge a per-day rate to assemble each cycle. Many of our customers either wind down or significantly reduce that retainer once Navis Arca is live. Procedural work — policy revisions, training, drills — remains a separate workstream.
The console shows which controls are passing, which are failing, and which are not yet covered — per vessel. The same view shows you exactly what to do to close the gap, with vendor-published guidance attached. You'll see the gap before the inspector does.
UR E26 (vessel-level cyber resilience) and UR E27 (system-level cyber resilience) are mandatory for vessels contracted on or after 1 July 2024. Existing tonnage isn't compelled by UR E26/E27 directly, but most operators apply the same controls voluntarily because charterers, P&I clubs and port-state inspectors increasingly expect them — and SMS verification under MSC.428(98) already requires equivalent demonstrable controls. Navis Arca covers both new-build and existing fleet on the same subscription.
Per device, the installer takes a couple of minutes. Across a typical vessel, the crew can usually enrol every machine in under an hour. Across a fleet, deployment is measured in days, not the weeks-or-months a hardware-based platform requires.
No. Navis Arca is software-only on the vessel. There is no on-board appliance, no port-call install window, and no engineer dispatched to the dock.
Windows (10, 11, Server 2016 onwards), macOS (12 onwards) and the major server Linux distributions (Ubuntu LTS, Debian, RHEL/CentOS-derived). The agent self-updates on a controlled cadence — you don't manage versions by hand.
On average, well under one megabyte per device per day. The agent ships delta-only telemetry, queues locally when offline, and is engineered specifically for VSAT and low-orbit satellite links.
The agent continues to enforce policy, run scans, and queue telemetry locally. When connectivity is restored, the queue drains in the background. Offline windows of days or weeks are tolerated by design.
Signed, controlled-cadence updates over the same encrypted channel as telemetry. You can pin a specific version per vessel if a class-society survey is imminent and you need a frozen build during the audit.
Yes — that's the design intent. Crew double-clicks an installer, the device auto-enrols, and reporting starts within seconds. We provide a one-page crew quick-start in PDF if you want it for the bridge folder.
Per-vessel annual subscription, billed predictably. There is no hardware capex, no per-endpoint surprise, and no separate licence for the compliance reporting. Volume pricing applies for fleets above 10 vessels — request a quote from our sales team.
No. The vessel subscription includes every endpoint on board. Operator seats are unlimited within reasonable use.
Yes. We offer a paid pilot on a single vessel (or a small group of vessels) with a clear success criteria document agreed up front. If it doesn't meet the criteria, you don't commit to fleet rollout.
All nine modules, the cloud console, MFA, the cryptographic audit trail, all four framework coverage exports, secure remote access for unlimited operators, agent updates, and 24×7 platform support.
Annual is standard. Multi-year terms attract discounts. We're open to bespoke terms for fleet operators with specific procurement constraints — talk to us.
Navis Arca does two things at once. First, it runs active cyber controls on every vessel endpoint: vulnerability and patch management, CIS hardening, USB policy enforcement, MFA, secure remote support, endpoint health monitoring. Second, those controls automatically produce the live compliance evidence a class-society surveyor, charterer, port-state inspector or P&I underwriter expects — pre-mapped to IACS UR E26/E27, TMSA 3, BIMCO V5 and IMO MSC.428(98). One agent, one console, no on-board hardware.
Six active controls run continuously on every endpoint:
Three further controls (coverage reporting, asset register, tamper-proof audit) turn that activity into the inspection-ready evidence layer.
No. Navis Arca complements your existing AV/EDR. We monitor its health, surface gaps in coverage, and roll up posture across the fleet. The active controls in Navis Arca (vulnerability management, hardening, USB policy, MFA, secure remote, audit) sit alongside AV/EDR — different layer, different job. We're explicit about the boundary so security teams know exactly where each tool ends.
No. The agent runs as a low-priority service, sub-MB / day on the wire, with negligible CPU footprint at idle. We don't ship features that materially change endpoint behaviour without explicit operator action — every protective control is opt-in at the policy level and audit-logged when it engages.
Navis Arca covers the IT estate on board — bridge computers, planning systems, crew machines, ECDIS workstations, satcom routers, servers. For deeply embedded OT (engine controls, navigation hardware), we work with the OEM and class society on the right architecture; ask us about a specific vessel.
Yes. Browser-based Remote Desktop, terminal and file transfer are built in — no client install for your team, no VPN for the ship. Every session is logged in the cryptographically chained audit trail and replayable for evidence.
Telemetry is stored in a region you select at onboarding. Default residency options include India, Singapore and the EU. Data in transit is TLS 1.2+; data at rest is encrypted with managed keys.
Only operators you authorise on your tenant. Internal Navis Arca / Necurity Solutions access requires an audited, time-limited support session that you initiate from the console.
Yes. The agent is code-signed, communicates only with our control plane over pinned TLS, and resists local-user tampering. Any tampering attempt is recorded as an audit event.
Navis Arca is built and operated by Necurity Solutions, an ISO 27001 certified cybersecurity company. The platform itself is subject to internal Red Team / VAPT cycles using the same methodology we apply to enterprise customers.
Role-based access with mandatory MFA (TOTP / WebAuthn). Per-action audit logging. Session timeout enforced. SSO available on request for enterprise customers.
Every operator action (login, logout, USB toggle, scan trigger, policy change, remote-session start/end) and every relevant agent event (enrolment, posture change, vulnerability detection, failed AV check). Records are cryptographically chained — any retroactive tampering is detectable.
24×7 platform support, console help-centre access, and a named technical account manager for fleets above 10 vessels. Email response targets are documented in the service contract.
From the console help menu — that's the fastest path to engineering and the only channel that ties a ticket to your tenant automatically. Email support@navisarca.com for support, or sales@navisarca.com for commercial questions.
Yes. Standard onboarding includes a kick-off call, dashboard walkthrough, agent-rollout briefing for vessel crews, and a one-week check-in. Bespoke onboarding (workshops, runbook authoring) available for larger fleets.
The console provides incident packaging — a one-click export bundling the affected device, timeline, audit trail, and current posture, ready to share with your incident-response provider, insurer, or class society. Necurity Solutions' SOC team can be engaged for hands-on response under a separate IR retainer.
Send it. We'll come back within one business day — and if it's a question others ask too, we'll publish the answer here.