| A.8.2 — Privileged access rights | Separate policy rules for privileged and non-privileged access. MFA step-up requirements for administrative functions. Full audit trail of privileged access. |
| A.8.3 — Information access restriction | Reverse proxy architecture ensures no direct application access. Every request mediated by TAC policy engine regardless of network location. |
| A.8.4 — Access to source code | Development environments, code repositories, and CI/CD systems governed by the same policy engine as production applications. |
| A.8.5 — Secure authentication | FIDO2 phishing-resistant authentication available for all applications — including legacy systems that cannot natively support modern authentication protocols. |
| A.8.6 — Capacity management | SVA Array scales horizontally to meet access demand. Global Array distributes load across regions for performance and resilience. |
| A.8.7 — Protection against malware | Device posture validation confirms antivirus status, patch level, and endpoint protection on every access request. |
| A.8.22 — Segregation of networks | TAC’s reverse-proxy architecture creates logical segregation between user networks and protected application zones. Applications are never directly exposed to user-facing networks; every connection is mediated by TAC’s policy engine. Network-level reachability is decoupled from authorisation — being on a network doesn’t grant access to anything. |
| A.8.15 — Logging | Forensic-grade logging of all access events — identity, device, application, time, location, and policy decision. Supports ISO 27001 audit evidence requirements. |
| A.8.20 — Networks security | All inbound access ports closed except one TLS 1.3 encrypted channel. Network attack surface reduced to near zero. |
| A.8.23 — Web filtering | Reverse proxy controls and logs all application access. Unauthorised application access blocked at the proxy layer. |