Serbus Limited

Armour Mobile

Armour Mobile is an NCSC CPA certified secure voice, messaging, video and chat application that runs on iOS and Android devices. It provides MoD and Government with a cost-effective, easy to use technology combined with advanced security techniques to deliver cloud-based and on-premises solutions up to Official Sensitive.


  • NCSC CPA accredited secure voice, messaging and video calls
  • Secure voice calls and messaging on smartphone and tablet
  • Cloud hosted or on premise environment
  • Compatible with Samsung Knox, Trustzone and dual factor authentication
  • High call quality with low latency
  • Compatible with supporting software such as MDM MAM EMM
  • Compatible with Skype for Business
  • Secure video capability
  • Standards based PKI architecture utilising Mikey Sakke
  • Simplicity ensures minimal user training burden


  • NCSC CPA certified, so supports organisational compliance requirements
  • Ideal for remote workers and teams travelling globally
  • Enables face to face conversation over video feature
  • Runs on IOS devices, iPhone, iPad and Android Devices
  • Secure calls into landline environments
  • Realtime sharing of critical information
  • Secure conferencing for increased productivity
  • Compatible with Getac Android rigged devices


£10 per device per month

  • Free trial available

Service documents

G-Cloud 10


Serbus Limited

Russell Ticehurst

+44 (0)1432 870879

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints Armour mobile is only compatible with IOS and Android devices and Windows desktops.
System requirements
  • COTS Apple devices (phone or tablet)
  • COTS Android devices (phone or tablet)
  • Windows desktop 10

User support

User support
Email or online ticketing support Yes, at extra cost
Support response times Support is provided as a part of a service support package that is available at additional cost. Typical response times are within 3 hours, 0900-1730 hours Monday to Friday, excluding Bank Holidays. Extended support is available upon request and subject to agreed contract.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Support is specific to each customers requirements and subject to agreed contract. Typically Serbus provide 1st, 2nd and 3rd line support, with 4th line support being from the OEM and typically covered under warranty.

A dedicated account manager is assigned to every customer for every capability deployment.

Pricing is subject to the levels of cover required and response times required.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training tutorials are available on the Armour Comms website.

Additional training services are available e.g. train the trainer (T3) and can be quoted on request.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Armour Mobile contacts data can be removed from the device prior to the contract end by creating a export file and emailing.
End-of-contract process The price of the service includes access to the selected features of the Armour Comms application, such as: voice, video supplement and conferencing.

There is an additional fee for pre-installation services including engineering, for hosting in bespoke server environments and for service support.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Armour Mobile is designed to offer the same functionality and similar look and feel on all platforms,
Accessibility standards None or don’t know
Description of accessibility Armour Mobile supports the accessibility features of the mobile platforms
Accessibility testing N/A
Customisation available No


Independence of resources Usage is regularly monitored, reports produced and scaled according to requirement


Service usage metrics No


Supplier type Reseller providing extra features and support
Organisation whose services are being resold Armour Communications

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Armour secure data at rest on mobile devices is encrypted to protect it. Data at rest on servers is protected by a multi-security-zone server architecture with database encryption, physical access control to dedicated server room, staff authorisation, staff security clearance, etc.
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach Armour Mobile contacts data can be removed from the device prior to the contract end by creating a export file and emailing.

The customer will be contacted prior to the end of the contract to see if they wish to renew. If they do not wish to renew, the app will cease to communicate with the service. The app will remain on the device and retain all the information within it available for export.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Armour secure services are protected by at least AES-128 with PKI using MIKEY-SAKKE between end user devices and up to AES-256 with TLS1.2+ in client/server interactions.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network All inter-server communications within the Armour secure service use at least TLS1.2+ with AES-256, multi-zone server security, fire walling, intruder detection, monitoring, etc.

Availability and resilience

Availability and resilience
Guaranteed availability The Armour Mobile service is dependent on the full availability of the data service over the mobile bearers provided by the third-party cellular systems. However, typical availability outside of the cellular networks is 99.98%; specific SLAs are available if required by the customer.
Approach to resilience Armour server resilience information is available on request.
Outage reporting Unexpected Armour Mobile outages are reported by email or hard copy report to customers. (Pre-planned outages are, of course, notified to customers in advance.)

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication End user clients are password protected, based on the unique end point identity used in the MIKEY-SAKKE cryptography; the client itself also authenticates to the servers. Additional user authentication (e.g. 2-factor) is available at additional cost based on user requirements.
Access restrictions in management interfaces and support channels Access to the user management system / servers is restricted to authorised administrators using passwords, user certificates, etc. All staff hold at least SC, with selected staff and managers holding DV.
Access restriction testing frequency Less than once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • CPA (up to OFFICIAL SENSITIVE) for key service components
  • Cyber Essentials for company-wide IT security
  • CPA Build Standard assessment of development mechanisms

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Serbus follow internal security procedures based on well-recognised industry best-practices. Serbus also hold Cyber Essentials.
Information security policies and processes Company CISO reviews security daily with company teams to ensure adherence to defined security processes, including any special requirements imposed for specific customers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Serbus' development processes and operational change management processes follow defined mechanisms using the latest commercial configuration and change management tools.
Vulnerability management type Supplier-defined controls
Vulnerability management approach System security assessments (internal, CERT, etc.) are reviewed daily and resulting server or client level patches are deployed accordingly for the assessed threat, risk and impact level.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The Armour secure service uses commercial IDS, anti-virus and similar measures as well as internal monitoring of its servers and services to detect potential compromises. Any issue identified is triaged (with CISO or delegate) and action taken to a timescale appropriate to the risk/impact.
Incident management type Supplier-defined controls
Incident management approach Incidents follow Serbus' defined process for reporting and handling.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per device per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Armour Comms can offer free trial licences of an agreed quantity for an agreed period so that the customer can do a full and effective trial


Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑