Encryption in transit
All traffic between the vessel agent, the operator console and the cloud control plane is encrypted with TLS. Stored data is encrypted at rest.
We ask fleet operators to run our agent on every vessel endpoint — so we hold ourselves to the standard our own customers are audited against. This is the single place your security, procurement and legal teams can find how Navis Arca is built, how your data is handled, and the documents you need for a vendor review.
A summary of the controls behind Navis Arca. Detailed documentation — architecture, control matrices, penetration-test summaries — is available to customers and active prospects under NDA.
All traffic between the vessel agent, the operator console and the cloud control plane is encrypted with TLS. Stored data is encrypted at rest.
Operator access to a tenant requires multi-factor authentication and is governed by role-based access control, with a queryable, tamper-evident audit log of every action.
The control plane is multi-tenant and region-pinned, so customer data stays in the region you choose. Tenants are logically isolated from one another.
Any Navis Arca or Necurity access to your tenant is time-limited, fully audited, and initiated by you from the console. No standing access to customer data.
The platform is subject to internal Red Team / VAPT cycles using the same methodology Necurity applies to enterprise customers, with continuous vulnerability management.
Navis Arca is built and operated by Necurity Solutions, which maintains an independently audited ISO/IEC 27001-certified information security management system.
Self-serve the standard documents below. Anything not published here — SOC-style control summaries, architecture diagrams, penetration-test letters, questionnaire responses (CAIQ / SIG) — is available under NDA on request.
Our coordinated vulnerability disclosure policy, safe-harbour commitment, and product security posture.
What personal data we process, the legal bases, residency, retention, and the rights available to individuals.
Our standard GDPR Article 28 DPA — roles, security measures, breach notification, transfers and audit rights.
The third parties we engage to operate the Service, what they process, and where.
Our availability commitment, support response targets, and service-credit remedies.
Current operational status of the control plane, console, agent connectivity and website.
The contractual terms governing use of the platform and this website.
The maritime frameworks Navis Arca produces evidence for — IACS UR E26/E27, TMSA 3, BIMCO V5, IMO MSC.428(98) and 20+ more.
We'll send our security package — control summaries, architecture overview, test letters and a completed questionnaire — under NDA, and join a call with your security team.