Legal

Security Posture

A factual summary of the controls implemented on the INFORM website and access portal. References to frameworks describe alignment targets, not certification.

Implemented controls

  • Encryption in transit via TLS (configured at the hosting layer).
  • HTTP Strict-Transport-Security (HSTS) header where supported.
  • Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and Referrer-Policy headers.
  • Session cookies configured with the Secure, HttpOnly and SameSite=Strict attributes.
  • Password storage via PHP password_hash (bcrypt) with periodic rehash on login.
  • CSRF protection on data-changing forms via double-submit token.
  • Rate limiting on authentication endpoints.
  • Audit log of authentication, access and download events.
  • Restricted file downloads via authenticated download.php; the uploads directory disables PHP execution and directory indexing.
  • Workflow portal and admin pages are excluded from search-engine indexing.
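The following is an added illustration, not code from the INFORM website, of how the header, session-cookie, password-storage and CSRF controls listed above are typically implemented in PHP. The function names, the bcrypt cost of 12, the placeholder Content-Security-Policy and the storage callback passed to the verification routine are all assumptions for the example.

```php
<?php
// Added example, not the INFORM site's own code. Function names, the bcrypt
// cost, the CSP value and the $persist callback are assumptions.
declare(strict_types=1);

// Security response headers. The CSP here is a placeholder policy; a real
// deployment tunes it to the scripts and origins the pages actually use.
function send_security_headers(): void
{
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
    header("Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; object-src 'none'");
    header('X-Content-Type-Options: nosniff');
    header('X-Frame-Options: DENY');
    header('Referrer-Policy: strict-origin-when-cross-origin');
}

// Session cookie attributes must be set before session_start() creates the cookie.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,        // browser-session cookie
        'path'     => '/',
        'secure'   => true,     // only sent over TLS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

// bcrypt via password_hash; raising the cost later triggers a rehash on the
// next successful login through password_needs_rehash().
const BCRYPT_OPTIONS = ['cost' => 12]; // assumed cost

function hash_password(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// Verifies the password and, when the stored hash is stale, hands a fresh hash
// to $persist (the caller's storage callback) so the rehash happens on login.
function verify_and_maybe_rehash(string $plain, string $storedHash, callable $persist): bool
{
    if (!password_verify($plain, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $persist(hash_password($plain));
    }
    return true;
}

// Double-submit CSRF token: the same random value is set as a cookie and embedded
// server-side as a hidden form field; a data-changing request must carry both.
function issue_csrf_token(): string
{
    $token = bin2hex(random_bytes(32));
    setcookie('csrf_token', $token, [
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,   // fine here because the form value is rendered server-side
        'samesite' => 'Strict',
    ]);
    return $token; // caller places this in <input type="hidden" name="csrf_token">
}

// Constant-time comparison of the cookie copy against the submitted copy.
function csrf_token_valid(array $cookies, array $post): bool
{
    $cookie = $cookies['csrf_token'] ?? '';
    $form   = $post['csrf_token'] ?? '';
    return is_string($cookie) && is_string($form)
        && $cookie !== '' && hash_equals($cookie, $form);
}

// Typical page prologue: headers and session before any output is produced.
send_security_headers();
start_hardened_session();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_token_valid($_COOKIE, $_POST)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
```

The prologue must run before any byte of output, since PHP cannot add headers or cookies once the response body has started. Rate limiting on the authentication endpoints and the PHP-execution and indexing restrictions on the uploads directory are enforced at the web-server layer and are not shown here.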

Alignment targets (not certifications)

  • ISO/IEC 27001 / 27002 / 27005 / 27701 — information security and privacy framework alignment.
  • ACSC Essential Eight — control mapping under development; maturity level not yet independently assessed.
  • NIST SP 800-63B — password strength and authenticator handling principles referenced; identity-assurance level mapping under development.
  • OWASP ASVS / OWASP Top 10 — used as engineering checklist for the web layer.
  • WCAG 2.2 AA — accessibility target; audit pending (see Accessibility Statement).

What is not in scope of this statement

This statement covers the public website and the access portal. It does not cover the INFORM laboratory environment, partner systems or any deployed asset systems (none of which are connected to this website at present).

Reporting a security issue

Please contact admin@informpulse.com with a description of the issue, reproduction steps and your preferred response window. Do not include personal information of third parties or actual secrets in initial reports.

References to ISO, NIST, ACSC, OWASP and WCAG describe alignment targets and control mapping only. They do not represent certification, accreditation, legal compliance opinion or independent audit unless expressly stated with supporting evidence.