Maintena’s Data Security: Protecting Your Fleet’s Operational Data

Maintena is built to meet industry standards for maritime data protection, ensuring reliability, confidentiality, and compliance both onboard and ashore. From encrypted local storage to secure synchronization, every feature is designed to protect sensitive operational data against unauthorized access and cyber threats.

Encrypted Local Storage

All onboard data is protected with AES-256 encryption, securing maintenance logs, documents, and crew credentials. This aligns with ISO/IEC 27001 Annex A.10 (Cryptographic Controls) and NIST SP 800-111 (Guide to Storage Encryption Technologies). Even if the vessel’s computer is lost or compromised, unauthorized access is prevented.

Secure Data Synchronization

Maintena uses TLS 1.3 for all data transfers, ensuring end-to-end encryption between vessel and shore servers. Token-based authentication follows OWASP ASVS 4.0, preventing man-in-the-middle attacks and unauthorized API calls.

Role-Based Access Control (RBAC)

Each user role (Crew, Chief Engineer, Superintendent, Office Staff) is granted least-privilege access to data and actions. This complies with ISO/IEC 27001 Annex A.9 (Access Control) and NIST SP 800-53 AC-2 (Access Enforcement), reducing the risk of data leakage.

Critical actions are timestamped, user-attributed, and stored in immutable logs, ready for audits, inspections, and class society reviews.

Tamper-Proof Audit Trails

Job updates, document edits, and procurement approvals are fully traceable. This satisfies ISM Code 7 (Documentation) and ISO 9001 traceability requirements, supporting class audits from DNV, BV, or ClassNK.

Cloud Security & Data Privacy

When online, Maintena runs on AWS infrastructure, which is ISO/IEC 27001, SOC 2, and GDPR-compliant. All synced data is protected with server-side encryption (SSE), and access is restricted by AWS IAM policies that are monitored for anomalies following the CIS AWS Foundations Benchmark.

Offline-First Reliability

Maintena guarantees data integrity with cryptographic checksums during sync after offline use. This follows NIST SP 800-57 Key Management Guidelines, ensuring no corrupted or missing data in low-connectivity environments.

Compliance-Driven Design

  • IACS UR Z17 / PMS Requirements → Verifiable maintenance records accepted by class societies
  • ISO/IEC 27001:2013 → Information security management best practices
  • OWASP Top 10 → Protection against common application-level vulnerabilities

Regular Backups & Recovery

Maintena supports encrypted backups with AES-256 and checksum validation. Backup and restore practices align with ISO/IEC 27031 (Business Continuity for ICT), minimizing risks of data loss due to hardware failure or operational incidents.