← Trust Center

TRUST · SECURITY POSTURE

KAVACH Security Posture and Responsible Disclosure

Operational security is designed around the principle that sensitive vehicle-architecture data stays inside the customer-defined boundary. Specific controls depend on the deployment model selected for the programme.

CERTIFICATIONS

ISO 9001:2015 and ISO/IEC 27001:2022 Certified

Agnile is certified to ISO 9001:2015 (Certificate No. 25110401) and ISO/IEC 27001:2022 (Certificate No. 25110402).

If procurement requires evidence beyond what is published here, contact the engineering team to discuss what can be shared under NDA.

WORKSPACE SECURITY CONTROLS

Controls depend on the deployment model

KAVACH is designed to support customer-aligned security controls. The exact control surface varies because each deployment model places different operational responsibility with the customer and with Agnile.

  • 01

    Authentication and access

    Access to KAVACH is designed to integrate with customer-controlled identity providers in on-premise and VPC deployments. Engineer accounts, roles, and review permissions are configurable.

  • 02

    Encryption in transit

    Network traffic between client and KAVACH services is designed to use modern TLS configurations. In customer-controlled desktop deployments, traffic stays local to the customer's machines and network.

  • 03

    Encryption at rest

    Workspace data is designed to support encryption-at-rest at the storage layer. The customer-dedicated EU VPC option uses managed-storage encryption; the on-premise model inherits the customer's storage encryption policy.

  • 04

    Audit and review trail

    Engineer-review actions on TARA records, attack paths, controls, and Cybersecurity Case artefacts are designed to leave an auditable trail inside the workspace.

  • 05

    Vulnerability management

    Internally, dependency vulnerabilities are tracked with automated and manual review. Externally, the published responsible-disclosure programme is the coordinated entry point for security reports.

  • 06

    Operational separation

    Customer-dedicated VPC deployments are scoped to one customer and not shared with other tenants. Agnile engineering access to a customer deployment is gated by explicit agreement.

RESPONSIBLE DISCLOSURE

Reporting a Security Issue

Agnile operates a published responsible-disclosure programme with defined scope, safe-harbor terms, and response timelines. The security page is the canonical entry point for coordinated reports.

CANONICAL DISCLOSURE PATH

Go to the security page for in-scope assets, out-of-scope items, safe-harbor terms, response timelines, and contact paths. The published programme is mirrored in /.well-known/security.txt for machine discoverability.

FAQ

Security Posture FAQ

Security review on KAVACH? Bring the questions.

Procurement and security reviewers routinely walk through KAVACH posture in a working session — under NDA where needed.