Harley & Son AS9102.report

Your drawings are in safe hands

We understand the sensitivity of aerospace and defense manufacturing data. Harley & Son is AS9100 certified and ITAR registered, with infrastructure designed specifically for export-controlled technical data.

🔒 ITAR-Compliant Infrastructure

All customer data is handled exclusively within a FedRAMP High-certified cloud service in AWS GovCloud (US) — a dedicated region designed for U.S. government agencies and contractors handling ITAR-controlled technical information.

U.S. persons only access
Physical servers in U.S.
No foreign data transfer

🛡️ Security Architecture

  • FedRAMP High-certified cloud handling: Workloads run in a U.S. sovereign environment aligned to ITAR and NIST expectations
  • FIPS 140 encryption at rest and in transit: Strong cryptography protects uploads, storage, and delivery
  • MFA-protected access: Multi-factor authentication enforced for every user and administrator
  • Monitored access: Comprehensive audit logging, anomaly detection, and least-privilege controls reduce risk

Built for ITAR and AS9100 environments, yet still appropriate for customers without ITAR or NIST obligations.

📋 Quality & Compliance

  • AS9100 Certified: Quality management system certified to aerospace standards
  • ITAR Registered: Department of State registration for handling defense articles
  • U.S. Persons Team: All staff with drawing access are verified U.S. persons
  • Need-to-Know: Access strictly limited to personnel working on your specific project

Standard cloud security (for non-ITAR uploads)

Every customer benefits from encryption in transit and at rest, strict identity controls (MFA by default), and retention limits. If you do not have ITAR or NIST requirements, you still get FIPS 140-encrypted transport and storage plus U.S.-only handling inside GovCloud.

Data Lifecycle & Your Control

Storage & Retention

  • • Files stored in us-gov-west-1 (GovCloud West)
  • • Default retention: 90 days from delivery
  • • Automatic secure deletion after retention period
  • • S3 versioning with optional Object Lock

Your Options

  • • Request early deletion anytime in writing
  • • Download all files from secure portal
  • • No data transferred outside GovCloud
  • • Complete audit trail available on request

Network Protection

Multi-layered security controls protect your data from unauthorized access while preserving FedRAMP High and FIPS encryption baselines:

  • AWS WAF: Web application firewall with rate limiting
  • OWASP Rules: Protection against common web exploits
  • GuardDuty: Intelligent threat detection monitoring
  • VPC Isolation: Private network segmentation

Your Responsibilities

You remain responsible for proper classification and marking of any data you provide. Ensure you have authorization to share technical data with us before upload. If you have questions about export classifications, please contact our compliance team before proceeding.

Need more details about our security practices?

Contact our compliance team →

SAE Notice: AS9102 is referenced for identification only; Harley & Son is not affiliated with or endorsed by SAE International.