Trust, Security & Compliance

Tungsten is built on a foundation of security, privacy, and aerospace regulatory compliance. Learn why design offices trust their certification data to Tungsten.

Why Design Offices Trust Tungsten

Trust isn't given — it's earned through transparency, expertise, and consistent delivery. Here's what makes Tungsten trustworthy.

Founded by Aerospace Engineers

Tungsten is built by engineers who have lived the Part 21J certification process. We understand the regulatory landscape, the business drivers, and the compliance challenges that design offices face daily. This domain expertise shapes every decision we make about workflows, audit trails, and feature prioritisation.

Purpose-Built for Regulatory Compliance

Unlike generic document management tools retrofitted for aerospace, Tungsten was designed from the ground up for Part 21J workflows. Our approval chains, audit logging, and document versioning are specifically engineered to meet EASA certification requirements and support regulatory submissions.

Transparent, Predictable Pricing

No hidden fees, no surprise surcharges, no feature gating. £299/month covers your entire design office — unlimited users, unlimited projects, all features. This transparency builds trust and makes budgeting straightforward. Enterprise deployments use custom, clearly-defined pricing.

Comprehensive Audit Trails

Every action in Tungsten is recorded — who accessed what, when, and what changes they made. Our audit logs are designed to satisfy regulatory scrutiny and provide the evidence trail needed for certification submission and post-approval reviews.

European Data Residency

Your certification data is stored in AWS infrastructure located in the European Union and United Kingdom, supporting GDPR compliance and regulatory requirements for sensitive aerospace data. All data is encrypted at rest and in transit.

Security-First Architecture

Encryption, role-based access control, automated backups, and disaster recovery are built into the core platform — not added as afterthoughts. Two-factor authentication is available for enhanced account security. We follow industry best practices for data protection.

Compliance & Standards

Tungsten meets the regulatory and compliance requirements critical to aerospace design offices.

GDPR Compliance

Privacy by design. Tungsten implements data minimisation, role-based access, audit logging, and user data retention controls. EU data residency and DPA support ensure GDPR alignment.

EASA Part 21J Alignment

Designed to support EASA Design Organisation workflows. Structured approval chains, document versioning, and audit trails encode regulatory best practices for certification submission.

Audit-Ready Records

Organisation-scoped activity logs capture every project mutation. Regulatory audits can trace document approvals, task completions, and access history with full attribution.

Data Protection & Backups

Automated daily backups, encryption at rest and in transit, disaster recovery procedures. Your certification data is protected against loss or corruption.

Role-Based Access Control

Fine-grained permissions ensure users see only what they need. Engineers access assigned tasks, approvers control workflows, observers have read-only visibility. Compliance-friendly access model.

Standards & Certifications

ISO 27001 and SOC 2 attestations available. Tungsten undergoes regular security assessments to maintain compliance standards required by aerospace customers.

Security Architecture

Tungsten implements defence-in-depth security across all layers of the platform.

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Sensitive fields (credentials, authentication tokens) are additionally encrypted. Encryption keys are managed securely and rotated according to industry best practices.

Access Control

Role-based access control (RBAC) ensures users only access data relevant to their role. Engineers see assigned tasks and their assigned documents; approvers control approval workflows; observers have read-only visibility. All access is logged and auditable.

Threat Detection & Incident Response

Tungsten monitors for suspicious activity and potential security threats. Automated alerts notify our security team of anomalies. Detailed incident response procedures ensure rapid identification and remediation of security events.

Backup & Disaster Recovery

Automated daily backups with geo-redundant storage ensure data availability. Recovery time objective (RTO) is measured in hours. Restoration procedures are tested regularly to guarantee business continuity even in worst-case scenarios.

Audit Logging & Monitoring

Every user action is logged in a tamper-evident audit trail. Logs are centrally stored, encrypted, and monitored. Regulatory audits can trace document approvals, access history, and changes with full attribution and timestamps.

Data Residency & Sovereignty

Your certification data is stored in AWS infrastructure located in the European Union and United Kingdom.

EU Data Centre: Tungsten can host certification data in AWS eu-west-1 (Ireland) or eu-central-1 (Frankfurt).

UK Data Centre: For UK-based organisations, data can be stored in AWS eu-west-2 (London).

GDPR & Regulatory Alignment: EU/UK residency supports GDPR Article 32 requirements and aerospace industry norms for sensitive data localisation.

Customisation: Enterprise customers can specify data centre preferences. Contact us for details.

Compliance Documentation

We maintain comprehensive compliance documentation including:

  • ISO 27001 Certification: Information security management system compliance
  • SOC 2 Type II Report: Service Organisation Control audit results
  • GDPR Data Processing Agreement (DPA): For compliant data handling
  • Security & Privacy Policy: Detailed disclosure of data practices
  • Incident Response Plan: Procedures for security event management

Need to review our compliance credentials? Contact our team.

Request Compliance Documentation