Armour Comms

Armour Signet - Secure Mobile Voice Communications with Armour Comms

A London organisation providing secure mobile communications (voice, video, messaging, group chat, data and conferencing) on Android, iOS and popular desktop platforms. Offering cost-effective, easy to use technology, cloud-based and on-premises solutions. SigNet assures the confidentiality and integrity of your secure communications with AES-256 end-to-end encryption with double-ratchet algorithm.

Features

• Secure voice and video calls, secure messaging, and secure conferencing
• AES-256 end-to-end encryption with double-ratchet algorithm
• Supports COTS devices such as Android, iOS, popular desktop platforms
• Anonymised provisioning of secure identities
• Message Burn/Time to Live (TTL) determines message life
• Hosted and managed service options are available
• Compatible with complementary technology e.g. MDM and MAM systems
• Secure by design
• Easy to use, simple to deploy

Benefits

• Manage governance, risk and compliance
• Flexible secure communications for home working/mobile workers/hot desking
• Face to face meeting environment wherever employees are located
• Team work will benefit from the secure group chat functionality
• Supports interoperability with Unified Communications
• 24/7 support options are available
• Managed alternative to WhatsApp, Viber, SIGNAL.
• Centralised user management
• User/ Group allow listing controls
• File sharing

£12.50 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.holman@armourcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

396871450940916

Contact

David Holman
0203 637 3801
david.holman@armourcomms.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Private cloud
  • Community cloud
• Service constraints: SigNet by Armour can be downloaded currently to iOS and Android phones and tablet devices and popular desktop systems
• System requirements:
  • COTS Apple devices (phone or tablet) iOS Version 15+
  • COTS Android devices (phone or tablet) OS Version 6+
  • Windows 10 Desktop
  • Windows 11 Desktop
  • MacOS Version 11+
  • Linux Desktop e.g. Ubuntu 20.04+

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Severity-related response times from 4 hours upwards depending on SLA, during UK working hours 09:00 to 17:00 (see Support Levels).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Armour provides customer specific account managers to support client requirements .; 24x7 support can be made available at additional cost depending on requirements.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Although the service is very intuitive, training services are available e.g. train the trainer and can be quoted on request.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Armour SigNet images and files can be exported out of the app's encrypted database to the device file system by a user.
• End-of-contract process: The customer will be contacted prior to the end of the contract to see if they wish to renew. If they do not wish to renew, the app will cease to communicate with the service. The app will remain on the device and securely retain all the information within it.

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: SigNet by Armour is designed to offer the same functionality and similar look and feel on all platforms.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: No

Scaling

• Independence of resources: Usage is monitored on a continual basis and scaled according to requirement

Analytics

• Service usage metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
• Other data at rest protection approach: Armour SigNet secure data at rest on mobile devices is encrypted to protect it. Data at rest on servers is protected by user-specific encryption, physical access control to dedicated server room, staff authorisation, staff security clearance, etc.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: For security reasons the data sent and received by the app is stored on-device in an encrypted database. Armour SigNet images and files can be exported out of the app's encrypted database to the device file system by a user and thus copied off the device if needed.
• Data export formats: Other
• Other data export formats:
  • Original file type format
  • Encrypted compressed backup for multiple files
• Data import formats: Other
• Other data import formats: Import/send most file types from device file system

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: SigNet's secure services are protected by end-to-end encryption using AES-256 with double-ratchet key management providing forward secrecy and message authentication.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All inter-server communications within the Armour SigNet secure service use at least TLS1.2+ with AES-256, firewalling, intruder detection, monitoring, etc.

Availability and resilience

• Guaranteed availability: The Armour SigNet service is dependent on the full availability of the data service over the mobile bearers provided by the third-party cellular systems. However, typical availability of the underlying Armour SigNet networks is 99.95%; specific SLAs are available if required by the customer.
• Approach to resilience: Armour server resilience information is available on request.
• Outage reporting: Unexpected Armour SigNet outages are reported by email to customers. (Pre-planned outages are, of course, notified to customers in advance.)

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Username or password
  • Other
• Other user authentication: End user clients are password protected, based on the unique end point identity; the client itself also authenticates to the servers. Clients can support built-in device biometric authentication, and user-specific PIN code authentication.
• Access restrictions in management interfaces and support channels: Access to the user management system / servers is restricted to authorised administrators. For support, senior staff have SC clearance to deal with sensitive customer issues.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Intertek
• ISO/IEC 27001 accreditation date: 18/03/21
• What the ISO/IEC 27001 doesn’t cover: NO exclusions
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essential Plus
• Information security policies and processes: Company CISO reviews security daily with company teams to ensure adherence to defined security processes, including any special requirements imposed for specific customers.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Armour's development processes and operational change management processes follow defined mechanisms using the latest commercial configuration and change management tools.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: System security assessments (internal, CERT, etc.) are reviewed daily and resulting server or client level patches are deployed accordingly for the assessed threat, risk and impact level.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: The Armour secure service uses commercial IDS, anti-virus and similar measures as well as internal monitoring of its servers and services to detect potential compromises. Any issue identified is triaged (with CISO or delegate) and action taken to a timescale appropriate to the risk/impact.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents follow Armour's defined process for reporting and handling.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Covid-19 recovery:

  Covid-19 recovery

  Armour Comms support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. This includes improved workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.
• Tackling economic inequality:

  Tackling economic inequality

  Armour Comms will influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.
• Equal opportunity:

  Equal opportunity

  Armour Comms supports and promotes in-work progression to help people, including women, those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract.
• Wellbeing:

  Wellbeing

  Armour Comms demonstrates its support for the health and wellbeing, including physical and mental health, of its staff through internal wellness programmes.

Pricing

• Price: £12.50 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Armour Comms can offer free trial licences of an agreed quantity for an agreed period so that the customer can do a full and effective trial

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at david.holman@armourcomms.com. Tell them what format you need. It will help if you say what assistive technology you use.