Home
HelmVue

HelmVue Security Policy

HelmVue Pty Ltd is committed to protecting the confidentiality, integrity, and availability of your data. We understand that maritime operations rely on accurate, accessible information. This policy outlines the technical and organizational measures we use to secure your fleet's data in the cloud.

1. Infrastructure and Hosting

1.1. Cloud Architecture

HelmVue is built on a serverless, cloud-native architecture designed for high availability and redundancy.

  • Primary Hosting: We utilize Amazon Web Services (AWS) for all core computing and database services.
  • Certifications: AWS holds top-tier security certifications, including ISO 27001, SOC 2 Type II, and FedRAMP, ensuring the underlying physical infrastructure is secure.

1.2. Database and Storage

  • Database: We use managed AWS database services (e.g., Amazon RDS) to store vessel logs, crew profiles, and inventory data. This ensures seamless scaling and automated patching.
  • File Storage: Documents uploaded to the Certificates and SOP modules are stored in Amazon S3 (Simple Storage Service), configured with strict access policies to prevent public access.

2. Data Protection

2.1. Encryption

  • In Transit: All data transmitted between your devices and our servers is encrypted using TLS 1.2+ (Transport Layer Security). We employ strict HTTP Strict Transport Security (HSTS) to force secure connections.
  • At Rest: All data stored in our databases and file storage systems is encrypted at rest using AES-256 standard encryption.

2.2. Backups

  • Frequency: We perform automated, continuous backups of all database records.
  • Retention: Point-in-time recovery allows us to restore data to any second within the last 35 days, ensuring protection against accidental deletion or ransomware.
  • Geo-Redundancy: Encrypted backup snapshots are replicated to a secondary AWS Availability Zone to ensure survival even in the event of a total data center failure.

3. Access Control and Authentication

3.1. Authentication

Identity Provider: We use a secure Identity Provider (such as Amazon Cognito) to handle user logins. HelmVue does not store plaintext passwords; we store secure, salted password hashes.

3.2. Role-Based Access Control (RBAC)

Security is enforced at the application level using strict roles:

  • Captain/Master: Full access to vessel logs, crew data, and approval workflows.
  • Engineer: Access restricted to Maintenance, Inventory, and Engineering logs.
  • Deckhand: Read-only access to relevant SOPs; write access limited to specific checklists.
  • Guest/Charter: Strictly limited access to viewing specific itinerary or preference data (if enabled).

4. Application Security

4.1. Secure Development Lifecycle

Code Reviews: All code changes undergo mandatory peer review and automated static analysis (SAST) to identify vulnerabilities (e.g., OWASP Top 10) before deployment.

4.2. Vulnerability Management

We actively monitor our software dependencies for known security vulnerabilities (CVEs) and apply patches automatically within 24 hours of release for critical issues.

5. User Responsibilities

While we secure the cloud, security onboard is a shared responsibility:

  • Connectivity: As HelmVue is a cloud-based service, you are responsible for maintaining a secure and reliable internet connection (Satellite/4G) to access the application.
  • Device Security: Customers are responsible for ensuring physical devices (iPads, Laptops) used for HelmVue are protected by passcodes or biometrics.
  • Session Management: Users should log out of shared devices immediately after use to prevent unauthorized access.
  • Reporting: You must notify us immediately at support@helmvue.com if you suspect unauthorized access to your account.

6. Incident Response

In the unlikely event of a security breach:

  • Containment: Our security team will immediately isolate affected systems.
  • Notification: We will notify affected customers within 72 hours of confirming a data breach, in accordance with the Privacy Act 1988 (Cth) Notifiable Data Breaches scheme.
  • Remediation: We will provide a full post-mortem report outlining the cause and the steps taken to prevent recurrence.

7. Contact Us

For technical security questions, vulnerability reports, or audit requests, please contact our Security Team:

HelmVue Security Team
Email: support@helmvue.com
Location: Perth, Western Australia