Security Documentation
SOC 2 Security Policies
Our security controls, access policies, and compliance framework
SOC 2 Type II Certification Planned
Cyber Anchor is actively working towards SOC 2 Type II certification, targeted for Q2/Q3 2026. Our security controls are designed to meet SOC 2 requirements for security, availability, and confidentiality.
Data Encryption
- All data encrypted at rest using AES-256-GCM
- TLS 1.3 for all data in transit
- Per-vessel Data Encryption Keys (DEKs)
- Master key rotation without data re-encryption
- Field-level encryption for sensitive asset data
Access Control
- Role-based access control (RBAC)
- Row-Level Security (RLS) enforced at database layer
- Multi-tenant isolation via JWT claims
- Time-limited surveyor access tokens
- IP whitelist restrictions for sensitive operations
Audit & Monitoring
- Golden Thread audit trail for all changes
- Immutable compliance history logs
- Real-time security event monitoring
- Automated anomaly detection
- 30-day log retention minimum
Infrastructure Security
- SOC 2 Type II certification planned Q2/Q3 2026
- Automated security patching
- Network segmentation and isolation
- Regular penetration testing
- Disaster recovery with 4-hour RTO
Compliance Standards
| Standard | Status | Timeline |
|---|---|---|
| SOC 2 Type II | Planned | Q2/Q3 2026 |
| IACS UR E26/E27 | Aligned | Ongoing |
| GDPR | Aligned | Ongoing |
Security Questions?
For security-related inquiries, vulnerability reports, or compliance documentation requests, please contact our security team.