SECURITY

How we protect your data
and our infrastructure.

Last reviewed: May 2026 · Arcturus Technologies, Inc.

1. Infrastructure security

The Applicare platform runs on hardened cloud infrastructure across geographically isolated availability zones. All production systems are deployed within private virtual networks with no direct public ingress. Network perimeters are enforced through layered security groups, Web Application Firewalls (WAF), and DDoS mitigation at the edge.

Servers are provisioned from immutable, version-pinned base images. Configuration drift is detected and auto-remediated by IntelliTune. Kernel-level hardening follows CIS Benchmark Level 2 baselines for Linux.

2. Compliance certifications

  • FedRAMP High — Authorization in progress. Purpose-built for FedRAMP High workloads with NIST 800-53 control mapping and ATO evidence automation.
  • ISO 27001 — Information security management system certified across Applicare development, operations, and support.
  • SOC 2 Type II — Pursuing certification. Trust Service Criteria continuously monitored and evidenced.
  • FIPS 140-2 — All cryptographic modules are FIPS 140-2 validated.
  • ITAR — Data residency and access controls meet ITAR requirements for applicable customers.
  • FISMA — U.S. federal customers operate under FISMA-compliant controls and continuous monitoring.
  • CMMC Level 2 — Controls aligned to CMMC Level 2 for the Defence Industrial Base.

3. Authentication and access control

  • Multi-factor authentication (MFA) required for all access. SAML 2.0 and OIDC SSO supported for enterprise customers.
  • Role-based access control (RBAC) enforced at the API layer. Permissions scoped to minimum required function.
  • Privileged access requires just-in-time (JIT) elevation with full audit trail. No standing privileged accounts.
  • Sessions time-limited. Idle sessions terminate after 15 minutes. Refresh tokens rotate on each use and revoke on sign-out.
  • IAM posture continuously mapped by Applicare — escalation paths and wildcard permissions flagged in real time and queued for remediation.

4. Data protection

In transit: TLS 1.2+ enforced across all endpoints. TLS 1.0 and 1.1 disabled. Certificates are short-lived and rotated automatically.

At rest: All data encrypted with AES-256. Keys managed via dedicated KMS with automatic rotation. BYOK available for enterprise deployments.

Data isolation: Customer data logically isolated at storage and query layers. Cross-tenant access is architecturally prevented.

Data residency: Customers may elect a residency region. Data does not leave that region without explicit authorisation. Air-gapped and on-premises deployment options are available.

5. Vulnerability management

  • Automated dependency scanning on every commit via Dependabot and SAST tooling.
  • Container image scanning at build time and continuously in production via Applicare security posture management.
  • Annual third-party penetration testing. Summary reports available to enterprise customers under NDA.
  • Responsible disclosure: report vulnerabilities to security@arcturustech.com.

6. Incident response

Arcturus maintains an incident response plan aligned to NIST SP 800-61. Incidents are triaged within 1 hour, investigated within 4 hours, and communicated to affected customers within 24 hours of confirmation. All timelines retained in an immutable audit log.

7. Audit logging

Every access event, configuration change, and administrative action is logged immutably for a minimum of 12 months. Logs are tamper-evident and stored separately from production systems. ArcIn AI continuously correlates events against behavioural baselines, triggering automated alerts on anomalous patterns.

8. Physical security

Applicare cloud infrastructure resides in SOC 2 Type II and ISO 27001-certified data centres. Physical access requires multi-factor biometric authentication, 24/7 CCTV, and mantrap entry. On-premises deployments operate within the customer's own secured environment.

9. Contact

For security enquiries, vulnerability disclosures, or to request our security documentation package:

Arcturus Technologies, Inc.
McLean, VA 22102, USA
Email: security@arcturustech.com
Phone: +1 (866) 262-7971