
TRUST · SECURITY POSTURE

KAVACH security posture and responsible disclosure

Operational security is designed around the principle that sensitive vehicle-architecture data stays inside the customer-defined boundary. Specific controls depend on the deployment model selected for the programme.

PROCESS ALIGNMENT — WHAT WE CLAIM

ISO 9001 and ISO/IEC 27001 process alignment

Agnile’s quality processes are aligned with ISO 9001 and information-security processes are aligned with ISO/IEC 27001. These are process alignments, not third-party certifications.

Agnile does not currently claim formal SOC 2 attestation, third-party ISO/IEC 27001 certification, or any equivalent third-party attestation. If procurement requires evidence beyond what is published here, contact the engineering team to discuss what can be shared under NDA.

WORKSPACE SECURITY CONTROLS

Controls depend on the deployment model

KAVACH is designed to support customer-aligned security controls. The exact control surface varies because each deployment model places different operational responsibility with the customer and with Agnile.

  • 01

    Authentication and access

    Access to KAVACH is designed to integrate with customer-controlled identity providers in on-premise and VPC deployments. Engineer accounts, roles, and review permissions are configurable.

  • 02

    Encryption in transit

    Network traffic between client and KAVACH services is designed to use modern TLS configurations. In customer-controlled desktop deployments, traffic stays local to the customer's machines and network.

  • 03

    Encryption at rest

    Workspace data is designed to support encryption-at-rest at the storage layer. The customer-dedicated EU VPC option uses managed-storage encryption; the on-premise model inherits the customer's storage encryption policy.

  • 04

    Audit and review trail

    Engineer-review actions on TARA records, attack paths, controls, and Cybersecurity Case artefacts are designed to leave an auditable trail inside the workspace.

  • 05

    Vulnerability management

    Internally, dependency vulnerabilities are tracked with automated and manual review. Externally, the published responsible-disclosure programme is the coordinated entry point for security reports.

  • 06

    Operational separation

    Customer-dedicated VPC deployments are scoped to one customer and not shared with other tenants. Agnile engineering access to a customer deployment is gated by explicit agreement.

RESPONSIBLE DISCLOSURE

Reporting a security issue

Agnile operates a published responsible-disclosure programme with defined scope, safe-harbor terms, and response timelines. The security page is the canonical entry point for coordinated reports.

CANONICAL DISCLOSURE PATH

Go to the security page for in-scope assets, out-of-scope items, safe-harbor terms, response timelines, and contact paths. The published programme is mirrored in /.well-known/security.txt for machine discoverability.

FAQ

Security posture FAQ

Security review on KAVACH? Bring the questions.

Procurement and security reviewers routinely walk through KAVACH posture in a working session — under NDA where needed.