Skip to main content

Help us improve the Digital Marketplace - send your feedback

SECRETARIUM LTD

Klave

Klave is a zero-trust PaaS for confidential applications. It provides a reliable and secure infrastructure on which businesses can build and run their applications without fear of interference from third-parties. All applications are deployed within Trusted Execution Environments (TEEs) safeguarding data and business logic integrity and confidentiality at all times.

Features

  • Security: Code and data encrypted at all times
  • Integrity: Tamper-proof code and data at all times
  • Honesty: Zero-trust through attestation and verifiability
  • Confidential computing and TEEs made easily accessible
  • No-operations platform with scalability and redundancy built-in
  • Developer tooling for quick app scaffolding
  • Integration into developer workflows
  • Multi languages support for App development
  • Access to a global application marketplace

Benefits

  • Enable sensitive data collaboration use cases
  • Unlock access to sensitive data silos
  • Enable the usage and manipulation of sensitive data on-the-cloud
  • Provide data and IP governance through attestation and verifiability
  • Enable data lineage and traceability

Pricing

£5,000 a licence

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bertrand@secretarium.org. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

9 8 7 5 6 9 6 5 3 6 0 5 9 6 7

Contact

SECRETARIUM LTD Bertrand Foing
Telephone: 07595300325
Email: bertrand@secretarium.org

Service scope

Service constraints
There are currently no service constraints.

Klave is designed to be a high-availability service not needing maintenance windows. If a maintenance windows with a service cut-off is necessary, Secretarium Ltd adheres to the following:

For Planned Maintenance Secretarium Ltd provides customers with at least twenty four (24) hours’ advance notice of any such planned maintenance, the details of which will be discussed and agreed in advance customers.

For Emergency Maintenance Secretarium Ltd provides customers with at least six (6) hours’ advance notice of any such planned maintenance, the details of which will be discussed and agreed in advance with customers.
System requirements
  • On-prems: Must run on Intel SGX compatible Hardware
  • On-prems: Must be deployed on compatible Linux distro
  • Cloud/hybrid: Deployed on bare-metal machine with Intel SGX compatible processors
  • Access to the service: Device with internet access running
  • Access to the service: Use of a modern internet browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
48-hr response time
User can manage status and priority of support tickets
No
Phone support
No
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
None.
Onsite support
No
Support levels
1) Support Level - Mail + Discord.
2) Support Cost - Basic support (Mail + Discord) is free of charge while Advanced Support cost (Call + Support++) will vary depending on customer needs (charged on a Time & Material Basis)
3) Both Technical Account Manager and Cloud Support Engineer are available to support all customers when needed
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We offer multiple resources to facilitate users in starting to use our service seamlessly. Our documentation includes a Quickstart onboarding section and detailed technical descriptions to guide users through the initial setup. Additionally, we provide onboarding and feature videos to supplement the documentation and offer visual aids. Users can schedule free demo meetings with us for personalised assistance in onboarding. Access to our documentation, videos, and other onboarding materials is made easy through our website and Discord channel. Furthermore, we provide direct support on Discord during UK working hours to address any queries or issues users may encounter during onboarding. With these comprehensive resources and personalised support options, we ensure that users can confidently and efficiently begin using our service.
Service documentation
Yes
Documentation formats
  • HTML
  • Other
Other documentation formats
Videos
End-of-contract data extraction
Ending a contract requires extracting valuable data. This process involves planning what needs to be retrieved (reports, customer data) and how (considering data formats and security). Then, data is extracted from various sources (databases, drives) while maintaining its original structure. Quality checks ensure completeness and accuracy. Finally, secure transfer with encryption protects the data. Documentation records the process for future reference. Once confirmed by the other party, any remaining data is disposed of securely. The contract is finalized by confirming data transfer and completing any outstanding obligations. By prioritizing critical data, exploring automation, and potentially anonymizing sensitive information, this process ensures a smooth and secure end-of-contract data extraction
End-of-contract process
Prior to contract closure, any end-of-contract requirements and obligations are identified and examined, ensuring all contract deliverables are completed, submitted and approved by the relevant stakeholders. Any outstanding work or issues are resolved and a final meeting with the relevant stakeholders is conducted to discuss the completion of the contract. Approvals and sign-offs are obtained from the client/other stakeholders on all deliverables, project reports and other contractual obligations. Final invoices are issued based on contract terms, confirming that all financial obligations are met, including reimbursements, taxes or other costs. Throughout the contract, and more importantly before the end of the agreement, all confidential information, intellectual property, and proprietary data are handled according to the contract's confidentiality clauses. Any company property/assets returned and confidential information returned/destroyed as required by the contract. All documentation, including project reports, financial records and contract closure forms are finalised and signed, indicating the end of the contract.

Using the service

Web browser interface
Yes
Using the web interface
Users can orchestrate and monitor the deployments of their software applications. They can additionally manage access permissions, organisational settings and get billing reports. Changes to their confidential applications are handled via their own developer workflows using our helper tooling.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
While we have not conducted independent review of our web application accessibility scores, we use a combination of tools during development (via linters) and testing (via Microsoft Accessibility Insight) to help us maintain immediate accessibility requirements. Our service is built to leverage modern web browser capabilities, exclusively using Web Standards. Users have the ability to use browser extensions, for example to read aloud or increase contrast. Currently, users with severe visual impairment may not be able to perform all actions. Also, some features such as FIDO authentication rely on external components which may themselves suffer from accessibility issues.
Web interface accessibility testing
None
API
Yes
What users can and can't do using the API
We offer two API. A Web API, through which all the functions supported by our web interface are also offered, facilitating service automation, and an SDK API for use by applications deployed within our service, allowing access to runtime service functions.
API automation tools
Other
API documentation
Yes
API documentation formats
HTML
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Our CLI utilizes our Web API to perform all the actions otherwise available via the Web interface

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Applications deployed on Klave are associated with their own compute resources (threads), database (disk space allocation), and are capped by users. We load-balance users across different nodes of a cluster to ensure resource availability. We also monitor resource utilisation and increase the number of nodes in a cluster if needed. Rate limitations and other techniques manage throughput (ingress and egress) independence to provide a good experience to all users.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • Number of active instances
  • Other
Other metrics
Number of available environments
Reporting types
Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Automated backup of databases
  • Automated backup of ledgers
  • Automated backup of applications and binaries
  • Automated backup of configurations (network, hardware, etc.)
  • Automated backup of logs
Backup controls
Applications and ledgers of users' data are distributed and automatically backed up across a cluster of machines deployed in different data centres. Users can ask for a rollback of the ledgers to a previous backed-up version.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
At present, our service operates on a best-effort basis during UK working hours (BST) from 9 am to 5 pm. However, we recognize the diverse needs of our enterprise clients and are committed to providing tailored Service Level Agreements (SLAs) to meet their specific requirements. These customized SLAs will ensure that our enterprise clients receive the level of support and responsiveness they expect, allowing us to deliver a high-quality service experience that aligns closely with their business objectives. By offering personalized SLAs, we aim to strengthen our partnerships with enterprise clients and enhance their overall satisfaction with our services.
Approach to resilience
Our service is designed for resilience through a multi-tiered strategy. Spanning three data centers across two regions, we ensure geographic redundancy to mitigate localized disruptions. Within each center, our cluster-based architecture disperses applications and data, preventing single points of failure and optimizing performance. Automated failover and proactive monitoring further bolster our resilience, swiftly redirecting traffic and resources in case of anomalies. Through redundancy, diversity, and automation, we prioritize seamless continuity, providing a dependable platform for our users.
Outage reporting
Our service promptly reports outages through multiple channels to ensure effective user communication. We utilise email notifications as a primary method for outage reporting, providing detailed information and updates to our users. Additionally, we leverage Discord, where we manage our users' community, to promptly notify them of any disruptions. This ensures that our users receive timely updates through channels they frequently engage with, enhancing transparency and maintaining open lines of communication during outages. By utilising both email and Discord, we aim to minimise downtime and swiftly address any issues to mitigate impacts on our users' operations.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels
Limited number of system administrators have access to management interfaces. They all use 2FA to log-in. Support channel (Discord) requires 2FA and phone numbers.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Sancert
ISO/IEC 27001 accreditation date
07/08/2024
What the ISO/IEC 27001 doesn’t cover
NA
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
Yes
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Cyber Essentials Certified - 2024
In the process of implementing ISMS to obtain ISO27001 Certification
Information security policies and processes
Secretarium has implemented a sustainable set of controls/safeguards, in the form of policies, practices, procedures, organisational structure and software. This involves all key stakeholders, ensuring that the Confidentiality, Integrity and Availability requirements of our information assets are mased based on their value, risk exposure and regulatory and compliance requirements. Employees and third parties are made aware of their roles and responsibilities to ensure the protection of information. Secretarium's management is committed to the implementation, operation, monitoring, review, maintenance and continual improvement of these Information Security controls. The following objectives have been set and are used as a foundation of our Information Security Program: 1) Understanding critical information assets and protecting them in terms of CIA triad; 2) Minimising business disruption and operational impact; 3) Compliance with customer expectations and contractual obligations; 4) Compliance with relevant legal/regulatory requirements; 5) Reduction and effective management of Security Incidents; 6) Effective Information Security Risk Management; 7) Info Sec training Program and Awareness in place and 8) Assurance that all systems are protected from Malware, Viruses and Cyber-attacks

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Change requests, including upgrades, are logged centrally with approval documentation.
Business units maintain an audit trail of change requests, authorizations, and outcomes.
Changes to production require multi-person approval.
Risk assessments align with organizational standards, considering security impacts.
Assessments include impacts on resources, costs, security, privacy, and compliance.
Changes undergo controlled testing to minimize disruptions and assess impacts.
Formal approval criteria include authorization, impact assessment, and testing.
Users are notified and consulted on significant changes before acceptance.
Procedures address unexpected outcomes for recovery and continuity.
Post-implementation monitoring tracks deviations and escalates issues for resolution.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
We conduct annual penetration testing, automated monthly infrastructure scans, and weekly codebase scans, and promptly deploy patches after significant vulnerability detection. We gather threat intelligence to assess emerging risks and align our remediation efforts. Critical vulnerabilities are remediated within 30 days, followed by confirmation scans. We maintain a vulnerability dashboard for monitoring and tracking overall trends. Information on potential threats comes from various sources, including threat intelligence feeds, advisories, vendor announcements, and industry reports, ensuring our readiness to address evolving security challenges.
Protective monitoring type
Undisclosed
Protective monitoring approach
Undisclosed.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Our incident management process adheres to formalized procedures outlined in our policy, guiding us from incident detection to resolution. Incidents are classified based on criticality and promptly reported to our IT helpdesk. We have predefined processes for common events and ensure timely reporting to authorities. All incidents are logged, documented, and reported to relevant stakeholders, including senior management and regulators. Forensic evidence is collected and retained securely for six months. After resolution, a formal report is prepared by the head of Cyber Security, outlining actions taken and preventive measures. Lessons learned are documented and shared to prevent future incidents.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We currently use three data centres. Using OVH in Europe and partnering with companies like Tinext and Green in Switzerland showcases a strong commitment to sustainability and environmental responsibility. By leveraging renewable and low carbon energy sources, these companies not only reduce their carbon footprint but also align with the EU code of conduct regarding energy efficiency and environmental standards.
The EU code of conduct sets guidelines and best practices for data centres and cloud service providers to ensure energy-efficient operations and reduce environmental impact. Compliance with these standards demonstrates a proactive approach to meeting regulatory requirements while also contributing to broader sustainability goals.
OVH’s operations in Europe, alongside partnerships with environmentally conscious companies like Tinext and Green in Switzerland, exemplify a forward-thinking approach to business that prioritizes not just performance and reliability but also environmental stewardship. This alignment with EU regulations underscores a commitment to sustainable practices and responsible resource management in the digital infrastructure sector.
By highlighting these efforts, businesses can showcase their dedication to environmental sustainability while also meeting industry standards and regulations, fostering trust and positive engagement with stakeholders and customers alike.

Social Value

Social Value

Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

Fighting climate change

Environmental and climate considerations are integral to our solution's design. Klave plays a pivotal role in curtailing the ecological footprint of data processing by facilitating efficient and secure data operations. By harnessing the power of secure hardware, Klave achieves data processing speeds that are exponentially superior to conventional cryptography, all while minimising the demand for computing resources. This efficiency translates to reduced energy consumption and a diminished environmental impact. A cornerstone of Klave's eco-consciousness lies in its utilisation of low-energy servers. These servers boast an energy consumption rate of a mere 30 watts during periods of rest and a maximum of 215 watts when subjected to heavy use. Moreover, our commitment to sustainability extends to the very heart of our operations, as Klave operates within data centres that derive their energy from hydroelectric sources. By converging technological innovation with environmental responsibility, Klave underscores its dedication to advancing secure data practices while leaving a lighter carbon footprint on the planet.

Tackling economic inequality

Klave's introduction to the market has the potential to generate substantial economic impact across various dimensions.
1. Entrepreneurship and Startups: Klave 's emergence will inspire entrepreneurs and startups to explore solutions in the data security and privacy space leading to the creation of new ventures, fostering a culture of entrepreneurship and innovation within the industry.
2. Increased Cloud Adoption: Klave's robust security features will drive increased adoption of cloud computing solutions, especially among businesses that were previously hesitant due to security concerns. This expanded adoption will lead to revenue growth for cloud infrastructure and related industries.
3. Business Efficiency and Productivity: Organisations adopting Klave 's secure data protection and smart contract capabilities can experience improved efficiency and productivity. This, in turn, will contribute to overall economic growth as businesses optimise their operations and reduce operational costs.
4. Value Chain Enhancement: Klave 's integration into various industries can lead to the development of complementary products and services. This value chain enhancement will create new revenue streams and business opportunities for stakeholders within these industries.

Equal opportunity

At Secretarium, our expansion and developmental endeavours call for a diverse array of skilled professionals spanning multiple domains. From software engineer’s adept in crafting intricate code to secure hardware engineers, smart contract engineers, and cryptographers, our team showcases a spectrum of talents. Complemented by IT security engineers, UX/UI engineers who craft intuitive user experiences, project managers who navigate complexities, and customer support personnel ensuring client satisfaction, our organisation stands as a nucleus of expertise. From 2024 to 2028, we anticipate generating a minimum of 222 positions, ushering in a new era of employment.
The Secretarium effect extends beyond our immediate walls, generating indirect job creation across industries. As we expand our operational reach, our collaborations with partners, suppliers, and service providers create a ripple effect of opportunity. This symbiotic rapport fuels roles within sectors such as cloud infrastructure, legal and compliance services, marketing agencies, and logistics. The dynamic surge in demand that our initiatives stimulate acts as a catalyst for employment growth within these affiliated organisations.
Innovation and Entrepreneurship: Beyond the numbers, our market presence ignites the flames of innovation and entrepreneurship. As Secretarium gains momentum and garners investment, it inspires the birth of startups and ventures focusing on related privacy-preserving technologies, services, and applications. This virtuous cycle of innovation further amplifies the potential for job creation, generating a dynamic environment primed for economic progress.
In cultivating both direct and indirect job creation, Secretarium propels value for our clients while simultaneously contributing to holistic growth and prosperity within the communities and economies we engage with.

Pricing

Price
£5,000 a licence
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
All features and functionalities as per our PAYG model are included except that deployment is done in a development cluster. Features are:
Unlimited Applications
Unlimited Deployment
Automatic CI/CD (Git Integration)
Unlimited Environment
Mail Support

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bertrand@secretarium.org. Tell them what format you need. It will help if you say what assistive technology you use.