Armour Comms

Armour Mobile

A London based organisation providing NCSC certified secure mobile communications (voice, video, messaging, group chat and data) on iOS and Android smartphones and tablets and Windows 10. Supplying Governments with cost-effective, easy to use technology combined with advanced security techniques to deliver cloud-based and on-premises solutions up to UK SECRET.


  • Secure voice calls, video calls, messaging, group chat and conferencing
  • Simple to use, simple to deploy, end to end encryption
  • Supports popular COTS devices such as Android, iOS, Windows 10
  • Message Burn/Time to Live (TTL) determines message life
  • Advanced features for potential use at SECRET / Advanced Mobile
  • Excellent audio quality using Opus codec
  • Secure connection to landlines and voice services inc Skype
  • Compatible with Samsung Knox, Trustzone.
  • Compatible with complementary technology e.g. MDM and MAM systems
  • NCSC, CPA accredited solutions up to OFFICIAL SENSITIVE


  • Manage governance, risk and compliance
  • Flexible secure communications for mobile workers/ hot desking
  • Face to face meeting environment wherever employees are located
  • Team work will benefit from the secure group chat functionality
  • Supports interoperability with Unified Communications
  • Situational awareness using realtime visuals of disaster/crisis situations
  • Secure, CPA certified alternative to WhatsApp, Viber, SIGNAL, Cryptify.
  • Secure by default, using NCSC approved encryption and MIKEY SAKKE
  • Maximize your communications investments by connecting into your mobile environment
  • Founding member and Chair of Standards Committee of Secure Chorus


£10 per device per month

  • Free trial available

Service documents

G-Cloud 11


Armour Comms

Peter Jenkins

0203 637 3801

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Community cloud
Service constraints Armour Mobile can be applied to iOS and Android phones and tablet devices and Windows 10 Desktop
System requirements
  • COTS Apple devices (phone or tablet) iOS Version 9+
  • COTS Android devices (phone or tablet) OS Version 5+
  • Windows 10 Desktop

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Severity-related response times from 4 hours upwards depending on SLA, during UK working hours 09:00 to 17:00 (see Support Levels).
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Armour provides customer specific account managers to support client requirements .
24x7 support can be made available at additional cost depending on requirements.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Training tutorials are available on the Armour Comms website.
Additional training services are available e.g. train the trainer and can be quoted on request.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction Armour Mobile contacts data can be removed from the device prior to the contract end by creating a export file and emailing.
End-of-contract process The customer will be contacted prior to the end of the contract to see if they wish to renew. If they do not wish to renew, the app will cease to communicate with the service. The app will remain on the device and retain all the information within it.

Using the service

Using the service
Web browser interface No
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • Windows
Designed for use on mobile devices Yes
Differences between the mobile and desktop service Armour Mobile is designed to offer the same functionality and similar look and feel on all platforms.
Customisation available No


Independence of resources Usage is monitored on a continual basis and scaled according to requirement


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach Armour secure data at rest on mobile devices is encrypted to protect it. Data at rest on servers is protected by a multi-security-zone server architecture with database encryption, physical access control to dedicated server room, staff authorisation, staff security clearance, etc.
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach In-house destruction process

Data importing and exporting

Data importing and exporting
Data export approach For security reasons the only data that can be exported from the device is the contacts. A user can export their contacts to an encrypted file and store or email it off their device (platform-dependent).
Data export formats Other
Other data export formats Encrypted file
Data import formats Other
Other data import formats Encrypted file

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks Armour secure services are protected by at least AES-128 with PKI using MIKEY-SAKKE between end user devices and up to AES-256 with TLS1.2+ in client/server interactions.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network All inter-server communications within the Armour secure service use at least TLS1.2+ with AES-256, multi-zone server security, firewalling, intruder detection, monitoring, etc.

Availability and resilience

Availability and resilience
Guaranteed availability The Armour Mobile service is dependent on the full availability of the data service over the mobile bearers provided by the third-party cellular systems. However, typical availability of the underlying Armour networks is 99.98%; specific SLAs are available if required by the customer.
Approach to resilience Armour server resilience information is available on request.
Outage reporting Unexpected Armour Mobile outages are reported by email to customers. (Pre-planned outages are, of course, notified to customers in advance.)

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
  • Other
Other user authentication End user clients are password protected, based on the unique end point identity used in the MIKEY-SAKKE cryptography; the client itself also authenticates to the servers. Additional user authentication (e.g. 2-factor) is available at additional cost based on user requirements.
Access restrictions in management interfaces and support channels Access to the user management system / servers is restricted to authorised administrators using passwords, user certificates, etc. For support, senior staff have SC clearance to deal with sensitive customer issues.
Access restriction testing frequency At least once a year
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • CPA (up to OFFICIAL SENSITIVE) for key service components
  • Cyber Essentials for company-wide IT security
  • CPA Build Standard assessment of development mechanisms

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Armour follows internal security procedures based on well-recognised industry best-practices.
Information security policies and processes Company CISO reviews security daily with company teams to ensure adherence to defined security processes, including any special requirements imposed for specific customers.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Armour's development processes and operational change management processes follow defined mechanisms using the latest commercial configuration and change management tools.
Vulnerability management type Supplier-defined controls
Vulnerability management approach System security assessments (internal, CERT, etc.) are reviewed daily and resulting server or client level patches are deployed accordingly for the assessed threat, risk and impact level.
Protective monitoring type Supplier-defined controls
Protective monitoring approach The Armour secure service uses commercial IDS, anti-virus and similar measures as well as internal monitoring of its servers and services to detect potential compromises. Any issue identified is triaged (with CISO or delegate) and action taken to a timescale appropriate to the risk/impact.
Incident management type Supplier-defined controls
Incident management approach Incidents follow Armour's defined process for reporting and handling.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Public sector networks
Connection to public sector networks No


Price £10 per device per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Armour Comms can offer free trial licences of an agreed quantity for an agreed period so that the customer can do a full and effective trial

Service documents

pdf document: Pricing document pdf document: Terms and conditions
Service documents
Return to top ↑