Harley & Son logo AS9102.report

Your drawings are in safe hands

We understand the sensitivity of aerospace and defense manufacturing data. Harley & Son is AS9100 certified and ITAR registered, with infrastructure designed specifically for export-controlled technical data.

🔒 ITAR-Compliant Infrastructure

All customer data is stored securely within a FedRAMP High authorized cloud environment — a dedicated U.S. region designed for government agencies and defense contractors handling sensitive and export-controlled technical data.

U.S. persons only access
Physical servers in U.S.
No foreign data transfer

🛡️ Security Architecture

  • Encryption at Rest: All files encrypted using FIPS 140-2 validated cryptographic modules
  • Encryption in Transit: TLS 1.2+ enforced for all data transfers; unencrypted connections rejected
  • Multi-Factor Authentication: MFA required for administrative access; available for customer portal accounts
  • Access Logging: All access and actions logged for security review

📋 Quality & Compliance

  • AS9100 Certified: Quality management system certified to aerospace standards
  • ITAR Registered: Department of State registration for handling defense articles
  • U.S. Persons Team: All staff with drawing access are verified U.S. persons
  • Need-to-Know: Access strictly limited to personnel working on your specific project

Data Lifecycle & Your Control

Storage & Retention

  • • Files stored in a FedRAMP High authorized U.S. cloud region
  • • Default retention: 90 days from delivery
  • • Automatic secure deletion after retention period
  • • Versioned storage with tamper protection

Your Options

  • • Request early deletion anytime in writing
  • • Download all files from secure portal
  • • Data remains within U.S. boundaries at all times
  • • All access and actions logged for auditing purposes

Network Protection

Security controls protect your data from unauthorized access:

  • Encrypted Connections: TLS enforced for all data transfers
  • Access Controls: Authenticated API endpoints with scoped permissions
  • Presigned URLs: Time-limited, single-use links for file transfers
  • CORS Restrictions: API access restricted to authorized origins

Your Responsibilities

You remain responsible for proper classification and marking of any data you provide. Ensure you have authorization to share technical data with us before upload. If you have questions about export classifications, please contact our compliance team before proceeding.

Need more details about our security practices?

Contact our compliance team →

SAE Notice: AS9102 is referenced for identification only; Harley & Son is not affiliated with or endorsed by SAE International.