Opisense
Trust center

Controls

A detailed overview of the security and privacy controls that support our compliance roadmap. Status reflects current implementation progress.

How to read this page

The statuses below describe implementation progress for individual controls. They are not a certification claim. The framework-level compliance and certification roadmap (e.g. ISO / SOC) is tracked separately.

Status meaning

  • Implemented

    Deployed, documented, and in use.

  • In progress

    Being implemented or rolled out.

  • Planned

    Defined but not started.

  • At risk

    Remediation needed or progress is at risk.

We maintain compliance with GDPR and the EU AI Act as part of day-to-day operations. ISO 27001 is in progress; ISO 42001, ISO 9001, SOC 2 Type 2, and NIS2 are planned and will be followed as they come into scope.

Infrastructure security

Control | Status

Unique account authentication enforced

Authentication to systems and applications uses unique credentials or authorized keys per user.

Implemented

Access control procedures established

Access control policies define how users are added, modified, and removed from systems.

Implemented

Remote access encryption enforced

Remote access to production systems is restricted to authorized users via encrypted connections.

Implemented

Information security for use of cloud services

Processes for acquisition, use, management and exit from cloud services are established in accordance with the organization’s information security requirements.

Implemented

Information transfer

Information transfer rules, procedures, or agreements are in place for all types of transfer facilities within the organization and between the organization and other parties.

Implemented

Authentication information

Allocation and management of authentication information is controlled by a management process, including advising personnel on the appropriate handling of authentication information.

Implemented

Secure authentication

Secure authentication technologies and procedures are implemented based on information access restrictions and the topic-specific policy on access control.

Implemented

Use of privileged utility programs

The use of utility programs that can be capable of overriding system and application controls is restricted and tightly controlled.

In progress

Monitoring activities

Networks, systems and applications are monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.

Implemented

Remote working

Security measures are implemented when personnel are working remotely to protect information accessed, processed or stored outside the organization’s premises.

In progress

Segregation of networks

Groups of information services, users and information systems are segregated in the organization’s networks.

Implemented

Web filtering

Access to external websites is managed to reduce exposure to malicious content.

Implemented

Clock synchronization

The clocks of information processing systems used by the organization are synchronized to approved time sources.

Implemented

Application security requirements

Information security requirements are identified, specified and approved when developing or acquiring applications.

In progress

Secure system architecture and engineering principles

Principles for engineering secure systems are established, documented, maintained and applied to any information system development activities.

In progress

Organizational security

Control | Status

Employee background checks performed

Background checks are performed on employees in accordance with local laws and regulations.

Implemented

Code of Conduct acknowledged

Employees acknowledge a Code of Conduct covering security and privacy expectations.

In progress

Security awareness training implemented

Employees receive regular training on security awareness and incident reporting.

Implemented

Product security

Control | Status

Control self-assessments conducted

Security and compliance controls are periodically reviewed and self-assessed.

Implemented

Vulnerability and system monitoring established

Processes exist for vulnerability management and security monitoring of production systems.

Implemented

Penetration testing performed

Regular penetration tests are planned as part of the security roadmap.

Implemented

Internal security procedures

Control | Status

Continuity and Disaster Recovery plans established

Business continuity and disaster recovery plans are defined for critical services.

In progress

Development lifecycle established

A secure development lifecycle governs changes to the platform.

In progress

Incident response policies established

Policies describe how security and privacy incidents are handled and communicated.

In progress

Data and privacy

Control | Status

Data retention procedures established

Retention and disposal procedures guide how customer and company data is stored and deleted.

Implemented

Data classification policy established

Data classification guidelines help ensure that confidential data is secured and access-controlled.

Implemented

Customer data deleted upon leaving

Customer data is removed or anonymized when a customer terminates the service.

Implemented