Security & Compliance Overview

Security Overview

How Cableteque protects your data and maintains regulatory compliance.

Version 1.0 · 2026 · cableteque.com/legal/security

1. Security Commitment

Cableteque designs its platform with security as a foundational requirement. Our customer base includes both commercial manufacturers and highly regulated defense organizations, and our security controls reflect the needs of both segments. Cableteque maintains two distinct deployment environments, the standard commercial platform and the Cableteque Secure GOV instance, each with controls appropriate to its use.

This document provides an overview of Cableteque's security architecture, data protection practices, and compliance posture. For AI-specific data handling commitments, see the AI & Data Policy.

2. Platform Architecture

2.1 Deployment Environments

Cableteque operates two environments, each built on major cloud providers with established security and compliance foundations:

| Environment | Purpose | Infrastructure |
|---|---|---|
| Commercial Platform | Standard SaaS for commercial wire harness manufacturers | AWS Cloud, Azure GCC, GCP |
| Cableteque Secure GOV | Regulated workloads: CUI, ITAR, defense contractors | AWS GovCloud, Azure GCC High, GCP High (all in US region) |

2.2 Cloud Provider Security Foundation

By building on AWS, Azure, and GCP, Cableteque inherits a strong security and compliance foundation. These providers maintain certifications including SOC 1/2/3, ISO 27001/27017/27018, FedRAMP Moderate and High, DoD SRG, FISMA, FIPS cryptographic modules, and DFARS/CUI & ITAR compliance programs. A full list of AWS compliance programs is available at aws.amazon.com/compliance/programs.

3. Data Protection

Cableteque protects customer data throughout its lifecycle:

  • Encryption at Rest: All customer data is stored on encrypted volumes using Cableteque-managed encryption keys.
  • Encryption in Transit: All data in transit between system components, including AI inference endpoints and customer-facing interfaces, is encrypted end-to-end using industry-standard TLS 1.2+.
  • Data Isolation: Customer data is logically segregated at the database and API layer using unique customer identifiers. Data from one customer account is never exposed to another.
  • Transient Processing (GOV): For the Secure GOV instance, source documents submitted for processing are deleted immediately upon completion. Output data is retained in accordance with the Data Retention Policy.
  • Secure Deletion: Data deletion is performed using industry-standard secure deletion methods consistent with applicable data protection regulations.

4. Identity & Access Management

  • Access Controls: Role-based access controls restrict system access to authorized personnel only.
  • Authentication: Secure authentication practices, including multi-factor authentication for privileged access, are enforced across production systems.
  • Least Privilege: Cableteque employees do not have direct administrative access to production customer data. Access to AI production systems is disabled by default and requires approval.
  • Audit Logging: All access to production systems and customer data is continuously logged (e.g., AWS CloudTrail) and available for compliance review.

5. Secure Development

  • Secure Coding: Cableteque integrates security into its software development lifecycle, including secure coding standards, automated vulnerability scanning, and peer code review.
  • Vulnerability Management: Industry-standard anti-virus and vulnerability scanning is performed on all software components and platform code prior to deployment.
  • Patch Management: Security patches are applied on a risk-prioritized schedule with defined remediation timelines for critical findings.

6. Security Monitoring & Incident Response

  • Continuous Monitoring: Real-time activity monitoring, vulnerability scanning, and anomaly detection are enabled across all platform infrastructure, including AI pipelines.
  • Incident Response: Cableteque maintains structured incident response procedures to identify, contain, and remediate security events in accordance with applicable regulations.
  • Breach Notification: In the event of a security incident affecting customer data, Cableteque will notify affected customers in accordance with applicable legal obligations and the terms of the governing agreement.
  • Third-Party Providers: All third-party providers are contractually required to include breach notification obligations and a prohibition on unauthorized data use in their Data Processing Agreements.

7. Business Continuity

  • Backup & Recovery: Customer data is backed up regularly, with defined recovery time objectives and recovery point objectives.
  • Failover: Platform availability is supported by redundant infrastructure and failover mechanisms across cloud regions.
  • Testing: Business continuity and disaster recovery capabilities are tested regularly to verify readiness.

8. Third-Party Risk

  • Vendor Assessments: Third-party vendors with access to customer data are subject to a security assessment prior to engagement.
  • Provider DPAs: All third-party providers must execute a Data Processing Agreement (DPA) that explicitly prohibits training on customer data and requires compliance with Cableteque's data classification controls.
  • Approved Registry: Cableteque's Security Officer maintains an approved registry of third-party providers. No unapproved provider may receive customer data.

9. Compliance Posture & Roadmap

Cableteque maintains and is actively pursuing the following compliance frameworks:

| Framework | Status | Scope | Notes |
|---|---|---|---|
| FedRAMP Moderate Equivalency | In-Process (2026) | GOV Instance | 3PAO: Ignyte Assurance Platform (A2LA Cert. 6081.01, valid to May 2027). Readiness Assessment Report (RAR) in progress. Full equivalency certification expected by end of 2026. |
| NIST 800-53 Moderate Baseline | Controls Implemented | GOV Instance | FedRAMP Marketplace RAR in progress. Security Assessment Report (SAR) expected Q2 2026. |
| SOC 2 Type II | Aligned - Practices in Place | All Instances | Formal certification expected by end of 2026. |
| FedRAMP High IL 4 | Infrastructure Leveraged | GOV Instance | Hosted on AWS GovCloud, Azure GCC High, and GCP High, all FedRAMP High authorized. |
| ITAR / EAR | Supported | GOV Instance | Enforced via infrastructure controls, access restrictions to U.S. Persons, and data residency in U.S. regions. |
| ISO 27001 | Roadmap | All Instances | Targeted as the next certification milestone after SOC 2. |

FedRAMP Equivalency Documentation

Cableteque has retained Ignyte Assurance Platform as its accredited Third-Party Assessment Organization (3PAO) to conduct the FedRAMP Moderate Equivalency Audit. The Ignyte engagement letter (issued April 20, 2026, valid through April 19, 2027) is available upon request to verify Cableteque's audit commitment. Contact legal@cableteque.com to request compliance documentation.

10. Shared Responsibility

Cableteque operates under a shared responsibility model. Cableteque is responsible for the security of the platform, infrastructure, and data it processes on behalf of customers. Customers retain responsibility for:

  • Managing user account credentials and access within their organization.
  • Ensuring authorized users are trained on the appropriate use of the platform.
  • Classifying and managing export-controlled or regulated content in accordance with applicable law, including ensuring such content is submitted only through the Cableteque Secure GOV instance.
  • Reviewing, validating, and verifying AI-generated and other outputs before use in engineering, manufacturing, quoting, procurement, or operational decisions.

11. Contact

For security and compliance inquiries, to request compliance documentation, or to report a security concern:

  • General Support: support@cableteque.com
  • Legal & Compliance: legal@cableteque.com
  • Security Reports: support@cableteque.com
  • Legal Hub: cableteque.com/legal