Air-gapped, ISM-aligned CMMS with zero outbound traffic. Built for Australian defence, government, correctional, and classified environments where network security cannot be compromised.
Australian defence and government facilities management operates under a set of security, compliance, and sovereignty requirements that eliminate most commercial cloud-based software from consideration. The Australian Signals Directorate's Information Security Manual (ASD ISM) and the Protective Security Policy Framework (PSPF) impose strict controls on information systems deployed in government environments, and facilities management systems are not exempt.
The ASD ISM establishes controls for Australian government information systems. A CMMS deployed in a defence or government environment must meet applicable ISM controls, including those relating to data classification, access control, audit logging, and network connectivity. Cloud-hosted SaaS CMMS platforms that transmit data to offshore servers, rely on external APIs, or include embedded third-party trackers are fundamentally incompatible with ISM requirements for Protected or higher classification environments.
inFM is designed to operate without any external network dependencies. Once deployed, the application does not attempt to connect to external services, phone home for updates, or transmit telemetry. This makes it compatible with deployment in network environments where outbound traffic is blocked at the perimeter.
Many defence facilities and some government environments operate on isolated networks with no internet connectivity, either as a security requirement or as a consequence of remote or classified operation. Facilities teams in these environments cannot use any software that requires internet access to function. A CMMS that shows an error screen when it cannot reach its cloud backend is simply not deployable in these contexts.
inFM runs its entire stack (database, API, and frontend) on infrastructure within the restricted network. No external calls are made. The application is fully self-contained once deployed.
In defence and government environments, access to information systems must be managed in accordance with personnel security clearance levels and need-to-know principles. A CMMS where any authenticated user can see all assets across all facilities is unacceptable. Role-based access control must be granular enough to limit users, including contractors, to only the information they are authorised to access.
Defence and government estates encompass an enormous variety of facility types: barracks, training facilities, hangars, workshops, armouries, administrative buildings, intelligence facilities, correctional centres, courts, government offices, and more. Each facility type has different asset classes, maintenance requirements, and compliance obligations. A facilities management system must be flexible enough to handle this diversity while maintaining consistent record-keeping across the portfolio.
Defence and government facilities routinely use external contractors for specialist maintenance. Managing contractor access, including ensuring that contractors hold appropriate clearances for the areas they are working in, is a significant administrative and security burden. The CMMS should record contractor details and assignment history, and support restricting access to cleared areas only.
Government organisations are subject to audit by internal and external bodies. Every maintenance action, work order, asset modification, and user action must be recorded with a tamper-evident audit trail that can be produced on demand. This is not merely good practice; it is a requirement of the PSPF and the records management obligations that apply to Australian government entities.
Six capabilities purpose-built for the security and compliance requirements of Australian defence and government.
inFM makes zero outbound network calls once deployed. The entire application (React frontend, Node.js API, MySQL database) runs within your classified or restricted network. There are no connections to external cloud services, no update pings, no telemetry transmissions, and no embedded third-party tracking scripts. Deploy on your isolated network with confidence that no data leaves your perimeter.
Granular permissions allow you to define exactly what each user role can see and do. Configure domain-level isolation so users at one facility cannot see assets or work orders at another. Restrict contractor access to their specific assigned work orders only. Assign viewer, user, admin, and domain-admin roles with field-level ACL controls. Every access decision is enforced server-side, not merely in the UI.
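The server-side decision described above, sketched as an added example; this is not inFM source code. The role semantics, the `authorize` and `redact` helpers, and the field names are assumptions made for illustration.

```javascript
// Added illustration, not inFM source. Role semantics below are assumptions:
// viewer reads, user reads/writes, domain-admin manages one domain,
// admin works across domains, contractor sees only assigned work orders.
const ROLE_ACTIONS = new Map([
  ['viewer', new Set(['read'])],
  ['user', new Set(['read', 'create', 'update'])],
  ['contractor', new Set(['read', 'update'])],
  ['domain-admin', new Set(['read', 'create', 'update', 'delete'])],
  ['admin', new Set(['read', 'create', 'update', 'delete'])],
]);

// Field-level ACL: fields withheld from a role (constructed field names).
const HIDDEN_FIELDS = new Map([
  ['viewer', ['costCentre']],
  ['contractor', ['costCentre', 'securityZone']],
]);

// Decide on the server for every request; unknown roles are denied by default.
function authorize(user, action, resource) {
  const actions = ROLE_ACTIONS.get(user.role);
  if (!actions || !actions.has(action)) return { allow: false, reason: 'role' };
  // Domain isolation: only the cross-domain admin role may leave its own domain.
  if (user.role !== 'admin' && resource.domain !== user.domain) {
    return { allow: false, reason: 'domain' };
  }
  // Contractors: work orders only, and only those assigned to them.
  if (user.role === 'contractor') {
    const assigned = resource.type === 'workOrder' &&
      (resource.assignees || []).includes(user.id);
    if (!assigned) return { allow: false, reason: 'assignment' };
  }
  return { allow: true, reason: 'ok' };
}

// Strip withheld fields before the record is serialised into the API response.
function redact(user, record) {
  const hidden = new Set(HIDDEN_FIELDS.get(user.role) || []);
  return Object.fromEntries(
    Object.entries(record).filter(([field]) => !hidden.has(field)));
}
```

Because the role table is a `Map`, a role string such as `constructor` or `__proto__` resolves to nothing and is denied rather than picking up an inherited object property.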
Every action taken in inFM is logged: work order creation and updates, asset record changes, user login events, permission changes, and data exports. Audit logs are written to the database and cannot be modified through the application interface. Produce full audit reports for any date range, user, or asset on demand. The audit trail satisfies the record-keeping requirements for government entities under PSPF and the Archives Act.
inFM is designed for deployment in restricted network environments consistent with ASD ISM requirements. The application does not use external CDNs, does not embed third-party analytics, does not require cloud authentication services, and does not rely on external APIs for any core functionality. All dependencies are bundled at deployment. Security configuration of the underlying server and database is the responsibility of your IT team, following your organisation's hardening standards.
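One way an assessor could check a deployment package against the "no external CDNs, analytics or APIs" statement before it enters the restricted network, as an added example that is not an inFM tool. The `findExternalRefs` helper, the allowlisted host, and the sample build contents are constructed for illustration.

```javascript
// Added illustration, not part of inFM. Scans built frontend assets for
// absolute or protocol-relative URLs and reports every host that is not on
// the allowlist. Hits are candidates for manual review, not proof of traffic.
const URL_RE =
  /(?:https?:|wss?:)?\/\/((?:[a-z0-9-]+\.)+[a-z0-9-]+)(?::\d+)?[^\s"'`)<>]*/gi;

// XML namespace identifiers that appear as strings in React DOM bundles;
// they name a namespace and are not fetched.
const NAMESPACE_URIS = new Set([
  'http://www.w3.org/1999/xhtml',
  'http://www.w3.org/2000/svg',
  'http://www.w3.org/1998/Math/MathML',
  'http://www.w3.org/1999/xlink',
]);

// files: { relativePath: fileContents }; allowedHosts: in-perimeter hostnames.
function findExternalRefs(files, allowedHosts = []) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const [file, text] of Object.entries(files)) {
    for (const match of text.matchAll(URL_RE)) {
      const url = match[0];
      const host = match[1].toLowerCase();
      if (NAMESPACE_URIS.has(url) || allowed.has(host)) continue;
      findings.push({ file, host, url });
    }
  }
  return findings;
}

// Constructed sample build with two planted external references.
const SAMPLE_BUILD = {
  'index.html':
    '<script src="/static/js/main.js"></script>' +
    '<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">',
  'static/js/main.js':
    'var ns="http://www.w3.org/2000/svg";fetch("/api/assets");' +
    'var t="//telemetry.example.net/collect";' +
    'var h="https://cmms.internal.example/api";',
};

console.log(findExternalRefs(SAMPLE_BUILD, ['cmms.internal.example']));
```

A static scan only covers URLs present as literal strings; pairing it with egress logging at the perimeter during acceptance testing covers hosts assembled at runtime.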
Manage distributed defence and government estates from a single inFM deployment. Configure bases, barracks, workshops, and administrative facilities as separate domains within the system. Each facility maintains its own asset register, work order queue, and user list, while administrators with cross-facility access can view consolidated reporting and manage the overall portfolio. Suitable for managing geographically distributed estate portfolios from a centralised FM team.
inFM is 100% Australian owned and developed. There is no foreign ownership, no offshore development, and no overseas data handling of any kind. For government procurement, this eliminates the foreign ownership risk assessment that applies to technology products from overseas vendors. The source code is developed in Australia. There is no obligation to transmit any data to any foreign party at any point during or after deployment.
Common questions about deploying inFM in defence and government environments.
Talk to the inFM team about your defence or government FM requirements. We can provide technical documentation, deployment packages, and security assessment support.