Security at Arch
Manufacturing Technology Built on a Foundation of Security
From initial application development to global deployment, we prioritize security every step of the way.
To offer solutions to manufacturers that rely on security to prevent leaks of proprietary information, Arch has built a foundation of security into everything they do. Along with code and architecture, Arch makes sure that their development practices and business practices maintain a secure environment for their customer operations and data. SOC 2 documentation reflects the high priority Arch puts on security.
Security is a process. Arch does the work.
From token management to encryption, Arch utilizes the highest standards of software security.
- Encryption at rest
- Encryption in transit
- Token controlled access
- Logging and auditable processes
- Best practices for tenancy and isolation
Arch is security-first because so much is on the line.
Arch development and business process
For systems handling mission critical and proprietary data, the software development process needs to be fashioned for security. Arch developers — and the entire Arch team — work in secure-by-default process to protect our code and the resources of our clients.
- All Arch workstations are monitored for security standards, including disk encryption, complex passwords, and other best practices.
- Only sanitized data is used in development. Client data stays in client control.
- A secured software supply chain protects the code from creation to deployment.
- Regular penetration testing (known as “pen testing,” in which a third party attempts to hack a technology) on code, infrastructure, and development.
Arch works with customers to make sure that implementing ArchFX integrates seamlessly with their existing security measures.
- Single sign-on for ArchFX that matches and is in the control of the customer IT and security teams.
- Before any Arch technology is deployed, the Arch customer success team connects with IT and security to plan how to align the Arch system with client security requirements and security tools.
Commitment to SOC 2
Arch is committed to SOC 2 proofs of the trustworthiness of our software, people, and processes.
SOC 2 validation utilizes detailed evaluation by a third party against rigorous standards. The outcome supports not just the company receiving the certification but in turn supports certification and compliance for their clients. We all have to work together for security!
SOC 2 Type 1
Arch has completed a SOC 2 Type 1 report, attesting to the appropriateness of our controls by a third party, as of 2023.
SOC 2 Type 2
We feel that is not enough and are working towards a SOC 2 Type 2 report, which will include longitudinal tracking and measures of efficacy. The process is (appropriately) very involved. We project that our SOC 2 Type 2 report will be complete by June 2023.
What is SOC 2?
The American Institute of Certified Public Accountants (AICPA) created and maintains the SOC 2 (System and Organizational Controls) standard to validate that organizations who provide technology services are implementing appropriate security controls.
We are here to talk about security.
Security needs to be a conversation. If you have questions or concerns about how Arch implements security, please don’t hesitate to reach out.