Security

Security-First. Australian-Hosted. Defensible by Design.

SentinelOps is built from the ground up to protect investigation data with the same rigour applied to the investigations themselves. Every architectural decision prioritises confidentiality, integrity, and availability.

Security-First Architecture

Investigation data is among the most sensitive information any organisation holds. SentinelOps treats security as a foundational architectural requirement, not a feature added after the fact.

End-to-End Encryption

AES-256 encryption at rest and TLS 1.3 encryption in transit. All investigation data, attachments, and communications are encrypted throughout the entire data lifecycle.

Australian Data Sovereignty

All data hosted exclusively within Australian data centres. No offshore replication, no foreign jurisdiction access. Your investigation data stays in Australia, governed by Australian law.

Immutable Audit Trails

Every action within the platform is logged with tamper-evident, append-only audit records. Audit logs cannot be modified or deleted, even by administrators.

Role-Based Access Controls

Granular, role-based permissions ensure users only access investigation data relevant to their function. Compartmentalised case access prevents unauthorised visibility across investigations.

Authentication & SSO

Multi-factor authentication (MFA) enforced by default. Enterprise SSO integration via SAML 2.0 and OpenID Connect. Session management with configurable timeout policies.

Compliance Alignment

Architecture aligned to Essential Eight, Australian Government ISM, SOC 2 Type II, and ISO 27001. Designed for organisations operating under Australian regulatory obligations.

Data Sovereignty & Australian Hosting

For Australian organisations conducting investigations under Australian law, data sovereignty is not a preference. It is an operational and legal requirement. Investigation data frequently contains personal information governed by the Privacy Act 1988, sensitive employee records subject to the Fair Work Act 2009, and material that may be subject to legal professional privilege or statutory secrecy obligations.

SentinelOps hosts all customer data exclusively within Australian data centres. This is not a regional deployment option or a premium tier feature. It is the only deployment model. There is no offshore data replication, no foreign-jurisdiction backup storage, and no cross-border data transfer. Your investigation data remains subject to Australian law and Australian privacy protections at all times.

This approach ensures compliance with Australian Government data handling requirements, including those mandated under the Protective Security Policy Framework (PSPF) and the Australian Government Information Security Manual (ISM). Organisations subject to the Security of Critical Infrastructure Act 2018 (SOCI Act) can deploy SentinelOps with confidence that data residency requirements are met by default.

Encryption Standards

Encryption at Rest

All data stored within SentinelOps is encrypted using AES-256 encryption, the same standard used by the Australian Signals Directorate for protecting classified information. This includes case records, evidence files, attachments, notes, communications, and audit logs. Encryption keys are managed through a dedicated key management service with automatic key rotation and strict access controls.

Encryption in Transit

All data transmitted to and from SentinelOps is protected using TLS 1.3, the latest and most secure transport layer security protocol. This applies to all browser sessions, API communications, integrations, and internal service-to-service communications. Older TLS versions (1.0, 1.1) are disabled entirely. Certificate pinning is enforced for API integrations to prevent man-in-the-middle attacks.

Evidence and Attachment Security

Evidence files and attachments receive additional security treatment. Each file is individually encrypted with a unique encryption key, stored separately from the encrypted file content. File integrity is verified through cryptographic hashing (SHA-256), creating a verifiable chain of custody that demonstrates evidence has not been tampered with since upload.

Role-Based Access Controls

Investigation data requires access controls that go beyond standard role-based permissions. SentinelOps implements a multi-layered access control model that combines organisational roles, case-level permissions, and data classification to ensure users access only the information relevant to their function.

Organisational roles define baseline permissions: administrators, investigation managers, investigators, reviewers, and read-only stakeholders each have distinct capability sets. Case-level permissions allow investigation leads to further restrict access on a per-case basis, ensuring sensitive investigations (executive misconduct, whistleblower matters, covert operations) are compartmentalised from general investigation teams.

All access control changes are logged in the immutable audit trail, creating a complete record of who had access to what data and when. This is critical for demonstrating compliance with privacy obligations and for responding to discovery requests or regulatory inquiries about data handling practices.

Immutable Audit Trail Security

The audit trail is the evidentiary backbone of any defensible investigation. SentinelOps implements tamper-evident, append-only audit logging that records every action performed within the platform. This includes case creation, evidence uploads, note additions, status changes, access events, permission modifications, and report generation.

Audit records are cryptographically chained, meaning any attempt to modify, delete, or reorder historical records would break the cryptographic chain and be immediately detectable. This approach mirrors the integrity guarantees used in digital forensic evidence handling and ensures that audit trails presented to regulators, tribunals, or courts can be verified as complete and unaltered.

Audit logs are retained for the full lifecycle of the platform engagement and can be exported in forensically sound formats for external review. Retention policies comply with Australian regulatory requirements, including those specified by ASIC, APRA, and sector-specific regulators.

Authentication & Single Sign-On

Multi-factor authentication (MFA) is enforced by default for all SentinelOps users. This is not an optional setting. MFA supports time-based one-time passwords (TOTP), hardware security keys (FIDO2/WebAuthn), and push-based authentication through supported authenticator applications.

Enterprise organisations can integrate SentinelOps with their existing identity providers through SAML 2.0 and OpenID Connect (OIDC) protocols. This enables single sign-on (SSO) through providers such as Microsoft Entra ID (Azure AD), Okta, and Google Workspace, reducing credential sprawl and aligning with organisational identity governance policies.

Session management includes configurable inactivity timeouts, concurrent session limits, and forced re-authentication for sensitive operations such as evidence deletion requests or access control changes. All authentication events are recorded in the audit trail.

Compliance & Framework Alignment

Australian Cyber Security Centre Essential Eight

SentinelOps architecture aligns with the Essential Eight Maturity Model published by the Australian Cyber Security Centre (ACSC). This includes application control, patching cadence, restricting administrative privileges, multi-factor authentication, and regular backup and recovery testing. The platform is designed to support organisations targeting Essential Eight Maturity Level 2 and above.

Australian Government Information Security Manual (ISM)

The platform's security controls are mapped to the Australian Government ISM, the standard that governs information security for Australian Government entities and their service providers. This alignment is essential for government agencies, critical infrastructure operators, and organisations that handle government data.

SOC 2 Type II

SentinelOps maintains alignment with SOC 2 Type II trust service criteria across security, availability, processing integrity, confidentiality, and privacy. This provides enterprise customers with independent assurance that security controls are not only designed appropriately but are operating effectively over time.

ISO 27001

The platform's information security management system (ISMS) is aligned with ISO/IEC 27001:2022, the international standard for information security management. This framework governs how SentinelOps identifies, assesses, and treats information security risks across the entire platform lifecycle.

Infrastructure

SentinelOps infrastructure is deployed across geographically redundant Australian data centres, ensuring high availability and disaster recovery capability without any data leaving Australian jurisdiction. Data centres are certified to international standards including ISO 27001, SOC 2, and meet the physical security requirements of the Australian Government ISM.

The platform architecture implements defence-in-depth principles: network segmentation, web application firewalls, intrusion detection and prevention systems, and continuous vulnerability scanning. Automated threat detection monitors for anomalous access patterns, data exfiltration attempts, and credential compromise indicators.

Backups are encrypted, replicated across availability zones within Australia, and tested regularly for recoverability. Recovery time objectives (RTO) and recovery point objectives (RPO) are defined and tested in accordance with enterprise service level expectations.

Security FAQ

Where is SentinelOps data hosted?

All SentinelOps data is hosted exclusively within Australian data centres. There is no offshore replication or cross-border data transfer. This is not a configurable option; it is the only deployment model. Your investigation data remains subject to Australian law at all times.

Can SentinelOps be deployed in our own environment?

SentinelOps supports multiple deployment models, including dedicated tenancy and on-premises deployment for organisations with specific data handling requirements. Contact our team to discuss deployment options that align with your organisation's security policies and regulatory obligations.

How does SentinelOps handle penetration testing?

SentinelOps undergoes regular independent penetration testing conducted by Australian-based security firms. Testing covers application security, infrastructure security, and API security. Findings are remediated according to severity-based SLAs, and summary reports are available to enterprise customers under NDA.

Does SentinelOps comply with Australian Government security requirements?

SentinelOps architecture is aligned with the Australian Government Information Security Manual (ISM) and the Essential Eight Maturity Model. The platform is designed to support government agencies, critical infrastructure operators, and regulated industry organisations with Australian-specific compliance obligations.

How are audit trails protected from tampering?

Audit trails are implemented as tamper-evident, append-only logs with cryptographic chaining. Records cannot be modified, deleted, or reordered by any user, including platform administrators. Any tampering attempt would break the cryptographic chain and be immediately detectable, ensuring audit trails can be relied upon in regulatory proceedings and legal matters.

Your Next Investigation Deserves Better

See how SentinelOps transforms investigation management in a 30-minute investigator-led walkthrough. No sales pitch. Just the platform, your questions, and straight answers.

Book A Demo

Request A Discovery Call

Currently serving Australian enterprise, government, and regulated industry organisations.