01Hosting & data residency
- Provider
- Amazon Web Services (AWS).
- Default region
- UK / EU. Production data is stored in AWS regions inside the United Kingdom or European Economic Area unless contractually agreed otherwise.
- Edge delivery
- Public marketing pages are delivered via Amazon CloudFront with global edge caching. CloudFront routes user requests to the nearest edge location; the origin remains in the chosen primary region.
- Backups
- Backups inherit the primary region's residency.
02Encryption
- In transit
- TLS 1.2+ for all public endpoints. HTTPS-only; HTTP requests are redirected. The TLS certificate is issued by Amazon and managed via AWS Certificate Manager (ACM) with automatic renewal.
- At rest
- AES-256 at rest for storage and backups, using AWS-managed keys by default. Customer-managed KMS keys available on request for procurement-grade engagements.
03Access & deployment
- Deploy authentication
- GitHub Actions assumes an AWS IAM role via OpenID Connect (OIDC). No long-lived access keys are stored in CI.
- Production console access
- Multi-factor authentication required. Console actions audited via AWS CloudTrail.
- Source control
- Branch protection on
main; required pre-merge CI checks; required code review.
04Supplier credentials
ARGUS HOLDINGS — KLL1 LTD is a UK Ministry of Defence (MoD) JAGGAER One Registered Supplier. We engage with public-sector buyers under standard UK Government commercial terms. Cyber Essentials and ISO 27001 alignment documentation is provided on request as part of supplier assurance.
05Vulnerability disclosure
- security@arguswatch.org
- Manifest
- /.well-known/security.txt (RFC 9116)
- Policy
- See our coordinated disclosure policy. We commit to acknowledge reports within five business days.