Armour Recall - Secure Communications Compliance & Auditing
UK company providing NCSC CPA certified secure mobile communications. iOS and Android smartphones and tablets, Windows desktops. Cost-effective, easy to use solution for governments. Secure voice, video, conferencing, instant messaging, group chat, file transfer, cross-domain, unified comms interoperability, fully auditable. Cloud-based or on-premises deployments UK OFFICIAL SENSITIVE, Advanced Mobile, SECRET.
Features
- Designed for legal compliance, FOIA requests, public records, lawful interception
- Archives all media traffic securely in original encrypted format
- Records all traffic including 'burned' or deleted messages and files
- Traffic decryption in separate Audit zone e.g. air gapped network
- Decrypted messaging output to third-party analysis tools e.g. Splunk
- Audit technology uses NCSC designed MIKEY-SAKKE centralised key management
- Cloud hosted, on-premises and managed service options are available
- Secure by design. CPA accredited solution up to Official Sensitive
- Options to audit messaging only, attachments, voice, video
- Audit services and support provided by SC cleared operations staff
Benefits
- Centralised management of user activation, authentication, data protection and revocation
- Compatible with complementary technology e.g. MDMs, MAMs, VPNs
- Helps manage internal & external governance, risk and compliance
- Supports legal compliance, FOIA requests, public records, forensics, lawful interception
- Supports unified comms and interoperability via Armour Connect/Armour Bridge
- Prove who said what to whom & when
Pricing
£1 a licence a month
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 14
Service ID
5 9 0 2 3 4 9 3 2 9 9 5 6 5 4
Contact
Armour Comms
David Holman
Telephone: 0203 637 3801
Email: david.holman@armourcomms.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Armour Communications provide a secure communications platform components of which can be used individually or in conjunction with the following: Armour Recall, Armour Cloud, Armour Enterprise, Armour Connect, Armour Unity & Armour Bridge.
- Cloud deployment model
-
- Private cloud
- Community cloud
- Service constraints
- Armour Mobile can be downloaded currently to iOS and Android phones and tablet devices and Windows Desktops
- System requirements
-
- COTS Apple devices (phone or tablet) iOS Version 15.2+
- COTS Android devices (phone or tablet) OS Version 7+
- Windows 10 / Windows 11 Desktop
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Severity-related response times from 4 hours upwards depending on SLA, during UK working hours 09:00 to 17:00 (see Support Levels).
- User can manage status and priority of support tickets
- No
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Armour provides customer specific account managers to support client requirements .
24x7 support can be made available at additional cost depending on requirements. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
Training tutorials are available on the Armour Comms website.
Additional training services are available e.g. train the trainer and can be quoted on request. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- Armour Mobile contacts data can be removed from the device prior to the contract end by creating a export file and emailing.
- End-of-contract process
- The customer will be contacted prior to the end of the contract to see if they wish to renew. If they do not wish to renew, the app will cease to communicate with the service. The app will remain on the device but all information within it can be remotely wiped.
Using the service
- Web browser interface
- No
- Application to install
- Yes
- Compatible operating systems
-
- Android
- IOS
- Windows
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Armour Mobile is designed to offer the same functionality and similar look and feel on all platforms.
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- Usage is monitored on a continual basis and scaled according to requirement
Analytics
- Service usage metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Armour secure data at rest on mobile devices is encrypted to protect it. Data at rest on servers is protected by a multi-security-zone server architecture with database encryption, physical access control to dedicated server room, staff authorisation, staff security clearance, etc.
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Data importing and exporting
- Data export approach
- For security reasons the only data that can be exported from the device is the contacts. A user can export their contacts to an encrypted file and store or email it off their device (platform-dependent).
- Data export formats
- Other
- Other data export formats
- Encrypted file
- Data import formats
- Other
- Other data import formats
- Encrypted file
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Armour secure services are protected by at least AES-128 with PKI using MIKEY-SAKKE between end user devices and up to AES-256 with TLS1.2+ in client/server interactions.
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
- All inter-server communications within the Armour secure service use at least TLS1.2+ with AES-256, multi-zone server security, firewalling, intruder detection, monitoring, etc.
Availability and resilience
- Guaranteed availability
- The Armour Mobile service is dependent on the full availability of the data service over the mobile bearers provided by the third-party cellular systems. However, typical availability of the underlying Armour networks is 99.98%; specific SLAs are available if required by the customer.
- Approach to resilience
- Armour server resilience information is available on request.
- Outage reporting
- Unexpected Armour Mobile outages are reported by email to customers. (Pre-planned outages are, of course, notified to customers in advance.)
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Other
- Other user authentication
- End user clients are password protected, based on the unique end point identity used in the MIKEY-SAKKE cryptography; the client itself also authenticates to the servers. Additional user authentication (e.g. 2-factor) is available at additional cost based on user requirements.
- Access restrictions in management interfaces and support channels
- Access to the user management system / servers is restricted to authorised administrators using passwords, user certificates, etc. For support, senior staff have SC clearance to deal with sensitive customer issues.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- You control when users can access audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Intertek
- ISO/IEC 27001 accreditation date
- 18/03/21
- What the ISO/IEC 27001 doesn’t cover
- NO exclusions
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- CPA (up to OFFICIAL SENSITIVE) for key service components
- CPA Build Standard assessment of development mechanisms
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- Cyber Essentials and Cyber Essentials Plus
- Information security policies and processes
- Company CISO reviews security daily with company teams to ensure adherence to defined security processes, including any special requirements imposed for specific customers.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Armour's development processes and operational change management processes follow defined mechanisms using the latest commercial configuration and change management tools.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- System security assessments (internal, CERT, etc.) are reviewed daily and resulting server or client level patches are deployed accordingly for the assessed threat, risk and impact level.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- The Armour secure service uses commercial IDS, anti-virus and similar measures as well as internal monitoring of its servers and services to detect potential compromises. Any issue identified is triaged (with CISO or delegate) and action taken to a timescale appropriate to the risk/impact.
- Incident management type
- Supplier-defined controls
- Incident management approach
- Incidents follow Armour's defined process for reporting and handling.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
- Covid-19 recovery
- Tackling economic inequality
- Equal opportunity
- Wellbeing
Covid-19 recovery
Armour Comms support organisations and businesses to manage and recover from the impacts of COVID-19, including where new ways of working are needed to deliver services. This includes improved workplace conditions that support the COVID-19 recovery effort including effective social distancing, remote working, and sustainable travel solutions.Tackling economic inequality
Armour Comms will influence staff, suppliers, customers and communities through the delivery of the contract to support employment and skills opportunities in high growth sectors.Equal opportunity
Armour Comms supports and promotes in-work progression to help people, including women, those from disadvantaged or minority groups, to move into higher paid work by developing new skills relevant to the contract.Wellbeing
Armour Comms demonstrates its support for the health and wellbeing, including physical and mental health, of its staff through internal wellness programmes.
Pricing
- Price
- £1 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- Armour Comms can offer free trial licences of an agreed quantity for an agreed period so that the customer can do a full and effective trial