Physical Custody Disclosure

Where The Dedicated Hardware Physically Lives, And Who Can Touch It

REDLINE customers do not receive hardware. The dedicated infrastructure is operated by NHN at facilities under our exclusive control. Procurement and compliance committees ask, reasonably, what physical safeguards are on those facilities. This page is the disclosure, written in the vocabulary a CISO and a malpractice broker can both consume.

THE SHORT ANSWER

Biometric access control on every door, 24x7 video surveillance with a 365-day retention SLA, tamper-evident chassis seals on every rack unit, immutable audit-log retention for the contractual life of the customer relationship plus 7 years, and an optional firm-side audit-log streaming forwarder so the firm's SIEM ingests our physical-access events in real time.

1. Facility Posture

NHN operates dedicated compute capacity in named regional facilities (US-East, US-West, EU-Frankfurt, EU-Amsterdam, UK-London, APAC-Singapore, APAC-Tokyo). The capacity is hardware-isolated from any other tenant. The facilities themselves are co-location partners selected on a four-criterion test: SOC 2 Type 2 certified, ISO 27001 certified, multi-zone power and cooling, and 24x7 staffed perimeter.

Facility Class	Standard
Co-location SOC 2	SOC 2 Type 2 reports available on customer request under NDA, refreshed annually
ISO certification	ISO 27001 certified facility, customer-auditable certificate of conformance
Power	Dual-utility feed plus N+1 UPS plus N+1 diesel, monthly load-test cadence
Cooling	N+1 chiller redundancy, 18 to 27 degree C operating envelope
Perimeter	24x7 staffed, mantrap entry, video surveillance with 365-day retention

2. Biometric Access Control

Every door from the building lobby to the rack cabinet is gated by biometric authentication. The standard pattern in NHN-managed cages is two-factor (card plus biometric) at the cage entry, single-factor biometric on the cabinet itself. The biometric template enrolled against each authorized NHN employee is stored on the access-control system, not exfiltrable.

Cage entry: badge plus iris-scan or fingerprint, two-factor
Cabinet entry: biometric only, single-factor
Authorized-personnel roster: documented in the customer's contract addendum, refreshed quarterly
Vendor / contractor entry: escorted by a named NHN employee, no exception
Access events: written to the immutable audit log within 5 seconds of the door event

3. 24x7 Video Surveillance With Retention SLA

Every approach to the dedicated capacity is on continuous video. The retention SLA on raw footage is 365 days, with hash-anchored archive thereafter. Footage is exportable to the customer on a documented chain-of-custody process if requested for an incident investigation.

Coverage Zone	Camera Class	Retention
Building perimeter	4K, IR, motion-tracked	365 days raw + 7 years hash-anchored archive
Cage approach corridor	4K, IR	365 days raw + 7 years hash-anchored archive
Cage entry door	4K with biometric event overlay	365 days raw + 7 years hash-anchored archive
Rack-cabinet face	4K, IR	365 days raw + 7 years hash-anchored archive

4. Tamper-Evident Chassis Seals

Every rack unit in the dedicated capacity ships from the manufacturer with a tamper-evident chassis seal. The seal-serial is photographed and hash-anchored to the immutable audit log on day-of-rack. Any seal-break is a Sev-1 audit event: customer is notified within 4 hours, with photographic evidence and chain-of-custody pre-attached.

Seal pattern: 3M Confirm or equivalent, irreversible, photographed at install
Seal-serial: SHA-256 hash anchored to the audit log at install + quarterly verification cadence
Seal-break detection: continuous visual + manual quarterly inspection
Notification cadence: 4 hours from seal-break detection to customer compliance officer
Forensic chain-of-custody: documented + handover-ready for customer counsel

5. Immutable Audit-Log Retention

Every physical-access event, every seal-state event, every facility power or cooling event is written to an immutable append-only audit log. Retention is the longer of the contractual life of the customer relationship plus 7 years, or applicable regulatory minimum (HIPAA, FRE 902(13), SEC 17a-4(f), state attorney-client privilege statutes). The audit log uses hash-chained entries; tampering downstream is mathematically detectable.

# Sample audit-log row (export schema)
{
  "ts": "2026-05-13T14:22:18.331Z",
  "event_type": "cage_entry",
  "facility": "us-east-1.nhn-dc-01",
  "actor_id": "nhn-emp-44829",
  "auth_factors": ["card", "iris"],
  "customer_id": "redline-cust-acme-llp",
  "prev_hash": "9f4a...",
  "row_hash": "7c2e...",
  "tamper_evident_seal_states": [
    {"rack_unit": "rack-3-u14", "seal_serial": "3M-CF-44A2-9981", "state": "intact"},
    {"rack_unit": "rack-3-u15", "seal_serial": "3M-CF-44A2-9982", "state": "intact"}
  ]
}

6. Optional Firm-Side Audit-Log Streaming Forwarder

For firms that want the physical-access audit trail flowing into the firm's own SIEM in real time, NHN ships an optional outbound forwarder. The forwarder pushes a hash-chained, customer-scoped subset of the physical-access events to the firm's SIEM over TLS 1.3 with mTLS pinning. The forwarder is read-only from the firm's perspective; the firm cannot modify the source-of-truth log, only observe it.

Forwarder Specification

Transport: TLS 1.3 + mTLS, customer-issued client certificate, NHN pins the firm's CA root
Payload format: structured JSON, hash-chained per the source-of-truth audit log
Delivery semantics: at-least-once with idempotency keys; firm's SIEM can de-duplicate
Compatible SIEMs: Splunk, Elastic, Datadog, Sentinel (via standard syslog or HTTP collector)
Latency: median 5 seconds from source event to firm SIEM ingest
Cost: included in the standard enterprise subscription, no upcharge

# Sample forwarder config (Splunk HEC target)
nhn_audit_forwarder:
  endpoint: https://splunk.firm.example.com:8088/services/collector
  auth: mtls
  client_cert: /etc/nhn/forwarder.crt
  client_key:  /etc/nhn/forwarder.key
  pinned_root: /etc/nhn/firm-ca-root.pem
  event_index: nhn_physical_audit
  batch_size: 64
  retry: exponential-backoff
  hash_chain_validation: enabled

7. Customer-Initiated Audit Right

Active enterprise customers have a documented right to commission an annual independent audit of the physical-custody posture against the disclosure above. Cost of the audit is split equally between NHN and the customer for the first audit cycle; subsequent annual audits are customer-funded. Auditor selection is mutual.

Audit cadence: annual
Audit scope: the four named co-location facilities the customer's capacity actually lives in
Audit deliverables: signed attestation, identified gaps with remediation timelines, hash-anchored evidence pack
Auditor pool: any Big-4, NCC Group, KPMG, or customer-elected qualified third party

8. What This Page Is Not

This page is the physical-custody disclosure. It is not a SOC 2 Type 2 report (those are NDA-gated and refreshed annually, on customer request). It is not a substitute for the firm's own broker due diligence. It is the front-loaded disclosure that makes that broker review a 20-minute conversation instead of a six-week back-and-forth.

Procurement Audit Pack Request

For the full procurement audit pack (SOC 2 Type 2 reports under NDA, the named-facility roster for the customer's selected regions, the forwarder config template, the customer-initiated-audit contract addendum):

Email: legal@nohumannearby.com