Security & Compliance

Trust Center

Security architecture, compliance posture, and data handling practices for organizations evaluating or engaged with Seifert Dynamics.

Last updated: April 2026

Overview

Seifert Dynamics builds operational software and infrastructure systems for environments where reliability, compliance, and operational continuity are non-negotiable. The organizations we work with — in defense-adjacent, infrastructure, logistics, and industrial sectors — require assurance that the systems they deploy meet rigorous security standards.

This Trust Center provides factual information about our security posture, compliance status, and data practices. Organizations conducting vendor due diligence may request supplementary documentation through our security contact.

Security Architecture

Access Control

Role-based access control is enforced across all internal systems and client-facing platforms. The principle of least privilege is applied by default. Privileged access is reviewed quarterly and revoked upon role change or departure.

Encryption

Data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption key management follows documented rotation schedules with segregated key custody.

Network Security

Production environments are segmented from development and internal infrastructure. Ingress and egress are controlled via firewall policy with default-deny rules. Anomaly detection is active on production network segments.

Endpoint Security

All company-managed endpoints are enrolled in device management with enforced disk encryption, screen lock, and remote wipe capability. Endpoint detection and response tooling is deployed across the fleet.

Development Security

Software development follows secure coding practices aligned with OWASP guidelines. Code review is mandatory before merge. Dependency scanning and static analysis are integrated into the CI pipeline. Secrets are never committed to source control.

Compliance

Our compliance posture reflects the regulatory environments our clients operate in. We align with recognized frameworks and are actively pursuing formal certifications as the company scales.

NIST SP 800-53

Internal security controls are mapped to the NIST SP 800-53 Rev 5 moderate baseline. This mapping is applicable to our defense-adjacent and public sector engagements.

Aligned

SOC 2 Type II

A SOC 2 Type II audit is in planning. Internal controls are being formalized in preparation for external assessment. A projected certification timeline is available on request.

In Progress

GDPR / UK GDPR

As a company with operations in the United Kingdom and European client engagements, we maintain data handling practices consistent with GDPR and UK GDPR requirements. See our Privacy Policy for details.

Compliant

ISO 27001

Information security management practices are aligned with ISO 27001 principles. Formal certification is under evaluation as a future milestone.

Aligned

Data Handling

Data We Process

We process operational data provided by clients in the course of software deployments — including infrastructure telemetry, logistics data, and operational event streams. We do not process consumer personal data as a primary function. Contact and business data collected through this website is handled per our Privacy Policy.

Data Residency

Client data residency requirements are accommodated on a per-engagement basis. Data processed under client engagements is not stored in commingled systems. Specific residency configurations are documented in engagement agreements.

Data Retention

Retention schedules are defined per data category and client agreement. Upon engagement termination, client data is returned or destroyed per contractual terms within 30 days of written request.

Sub-processors

We use a limited number of sub-processors for infrastructure hosting, communications, and development tooling. A current sub-processor list is available to clients and prospective clients upon request under NDA.

Penetration Testing

External penetration testing of production systems and client-facing platforms is conducted on an annual cadence by independent third-party security firms. Tests cover network infrastructure, application layer, and authentication mechanisms.

Penetration test executive summaries are available to clients and qualified prospective clients under NDA. Requests should be directed to our security team.

Incident Response

We maintain a documented incident response plan covering detection, containment, eradication, and post-incident review. Severity classifications and escalation paths are defined in advance. The incident response plan is tested through tabletop exercises.

In the event of a security incident affecting client data, we commit to notification within 72 hours of confirmed breach determination, consistent with GDPR Article 33 obligations where applicable.

Vulnerability Disclosure

We operate a responsible disclosure program. Security researchers who identify vulnerabilities in our systems are asked to report them through our Security Disclosure page. We commit to acknowledging valid reports within five business days and to coordinated disclosure timelines.

We do not pursue legal action against researchers who act in good faith within the scope of our disclosure policy.

Third-Party Audits

Enterprise and government clients may request participation in vendor security assessments as part of their procurement process. We support standardized questionnaires including CAIQ (CSA Consensus Assessment Initiative Questionnaire) and custom security assessment frameworks.

Requests for third-party audit participation or security questionnaire completion should be directed through our security contact with a minimum of ten business days' lead time.

Contact

For security assessments, compliance documentation requests, sub-processor lists, or questions about our security posture, contact our security team directly.

Security Contact