OrbitQops is built by and for serious institutional buyers — enterprises, public-sector undertakings, government bodies, and defence organisations. Compliance, traceability, and disciplined disclosure are core to how we operate. This page summarises our public posture. Detailed evidence is shared under NDA in the course of evaluation.
1. Standards We Align To
Our engineering and management practices are aligned to the following frameworks. Items marked "in progress" are under active implementation; items marked "monitoring" are reviewed for applicability as we scale.
- NIST Post-Quantum Cryptography — selected algorithms aligned to NIST's post-quantum standardisation programme.
- FIPS 140-3 — cryptographic-module guidance considered in design (in progress).
- ISO/IEC 27001 — information-security management system (in progress).
- ISO/IEC 27701 — privacy information management (monitoring).
- SOC 2 (Type I/II) — service-organisation controls for the marketing and customer-facing surface (monitoring).
- India DPDP Act 2023 — see our Privacy Policy.
- India CERT-In Directives — incident-reporting and log-retention obligations are observed.
2. Made-in-India and Trusted-Source Posture
- OrbitQops platform is designed in India by Palm Technologies Private Limited.
- We are committed to Atmanirbhar Bharat objectives — supporting domestic manufacturing, sourcing, and public-procurement preferences (e.g. PPP-MII) where they apply.
- We engage with iDEX, DPIIT, Startup India, and analogous initiatives in good standing.
3. Export Controls and Sanctions
Cryptographic and dual-use security technology may be subject to export-control and sanctions regimes, including India's SCOMET list. We screen counterparties and transactions, and we will decline engagements that do not meet our export and end-use controls.
4. Anti-Bribery and Anti-Corruption
Palm Technologies operates a zero-tolerance policy on bribery, kickbacks, facilitation payments, and other corrupt practices. Our personnel and partners are required to conduct business consistent with the Indian Prevention of Corruption Act and equivalent laws in counter-party jurisdictions.
5. Supply-Chain Integrity
- Component traceability — bill-of-materials with documented provenance.
- Authorised distribution — semiconductor sourcing through authorised channels.
- Tamper-evident packaging and verification on receipt.
- Trusted-foundry strategy reviewed as the platform matures.
6. Secure Development Lifecycle
- Threat modelling at architecture and feature level.
- Static analysis, peer review, and protected branches.
- Hardware-security testing on representative units.
- Cryptographic agility — defined process for algorithm migration.
7. Responsible Disclosure
If you believe you have identified a security vulnerability in OrbitQops or in this website, please contact us privately at support@orbitqops.com.
What to expect:
- Acknowledgement of receipt within 3 business days.
- Triage and validation within 10 business days.
- Coordinated remediation timeline communicated in writing.
- Recognition of bona fide security researchers, where requested and appropriate.
Please do not publicly disclose a suspected vulnerability before remediation. Do not attempt to access data that does not belong to you, degrade service, or violate privacy.
8. Audit and Evaluation Support
For qualifying enterprise, PSU, and defence buyers, we support due-diligence review under NDA — including architecture briefings, control mappings, third-party penetration-test results, and sample test reports.
9. Government, Tender and Defence Inquiries
Procurement, tender, RFP, RFI, and defence inquiries are handled by the founder's office. Please reach us at support@orbitqops.com or via the Contact form, choosing "Government / Tender" or "Defence / PSU" as the inquiry type.
10. Updates
This page is reviewed periodically as we mature certifications and controls. Material changes will be reflected in the "Effective" date above.