Security & Compliance Overview
Nortech AI provides industrial data collection and edge computing solutions designed to operate safely within the world’s most critical infrastructure environments. From maritime vessels to power plants, our “Secure-by-Design” philosophy ensures that our technology acts as a security asset, not a liability.
Our platform supports compliance with major international standards by leveraging configurable operational modes—ranging from strictly offline, air-gapped data diodes to secure, encrypted data collection—adapting to the specific regulatory needs of each sector.
Engineered to be compliant with
Compliance by Sector
Marine & Offshore
IACS UR E27
New build vessels (July 1, 2024+) and offshore assets.
The Nortech Edge is engineered to meet the strict Unified Requirement E27 (UR E27) for Computer Based Systems (CBS).
Offline Hardening
Designed for “Category II/III” systems where internet connectivity is restricted or unavailable.
Port Security
Physical ports (USB) and unauthorized logical ports are disabled by default to prevent local tampering, such as USB-borne malware.
Vessel Safety
“Read-Only” protocol drivers ensure the data collector cannot inadvertently compromise essential shipboard services (HVAC, Propulsion) even if the device fails.
Industrial Automation
IEC 62443
General Manufacturing, Process Industry, and System Integrators.
Our architecture aligns with the Foundational Requirements (FR) of IEC 62443-4-2 (Component Security) and supports IEC 62443-3-3 (System Security).
Segmentation (FR 5)
The device acts as a strict gateway between OT (Operational Technology) and IT zones, supporting the “Zones and Conduits” model.
Least Privilege (FR 4)
Drivers for S7, BACnet, and Modbus are strictly scoped to specific memory areas and “Allow-listed” tags.
Identification & Auth (FR 1)
No default passwords. Mandatory RSA-2048 key-pair authentication for all local maintenance.
US Energy Sector
NERC CIP
North American Electric Reliability Corporation (BES Cyber Systems).
For the US energy market, the Nortech Edge is available in a “Local Management Only” configuration to support NERC CIP-005, CIP-007, and CIP-013 compliance.
CIP-005 (Perimeter)
In this mode, all external VPNs and persistent cloud connections are disabled. The device operates inside the Electronic Security Perimeter (ESP) without creating a routable bridge.
CIP-013 (Supply Chain)
Nortech provides cryptographically signed firmware and hash verification for all updates, ensuring supply chain integrity.
CIP-007 (Hardening)
Automated port disabling and strictly defined “logical listening ports” satisfy system hardening requirements.
Enterprise Security
ISO 27001
Corporate Governance and Risk Management.
Nortech AI’s internal operations are governed by policies aligned with the ISO/IEC 27001 framework.
Incident Response
A Security Incident Response Team (SIRT) with defined SLAs.
Vulnerability Management
Continuous scanning of our software supply chain and a formalized triage pipeline for remediation.
Access Control
Strict “Need-to-Know” policies and MFA enforcement for all Nortech internal systems.
Technical Security Highlights
Store-and-Forward
Breaks the TCP connection so external systems never touch the PLC directly.
IEC 62443 — Segmentation
Headless Design
No monitor/keyboard; reduces local attack surface.
Physical Security
Read-Only Drivers
Driver-level controls prevent write commands to operational systems.
UR E27 — Safety
RSA-2048 Authentication
Replaces weak passwords with cryptographic keys for secure maintenance access.
CIP-007 R5 — Authentication
Nortech AI understands that compliance is an ongoing process, not a one-time checkmark. We are committed to:
Transparency
Providing Software Bill of Materials (SBOMs) upon request.
Responsiveness
Notifying customers of confirmed security incidents within a reasonable time (Critical Severity).
Integrity
Delivering updates that are verified and safe to deploy in mission-critical environments.
