Trust & Compliance

Certified, audited, regulated.

OptiComm.AI is built and operated under six ISO management systems and aligned with the EU's strictest digital regulations, including the AI Act, GDPR, NIS2, and DORA.

ISO/IEC 27001
ISO/IEC 27018
ISO/IEC 42001
ISO 9001
ISO/IEC 20000-1
ISO 22301
6 ISO standards, independently certified
AI Act ready, ISO 42001 aligned
NIS2 + DORA control framework aligned
GDPR: DPA available on request

ISO Certifications

Six standards, one operating system.

Every ISO certificate is granted by an accredited body and renewed through annual surveillance audits. Certificates and summaries are available on request.

ISO/IEC 27001

Information Security Management

Our information security program is independently certified. Risk assessment, access control, encryption, monitoring, and incident response are all run against an auditable framework.

ISO/IEC 27018

Protection of PII in Public Clouds

When we process personal data in cloud environments, we apply the additional controls ISO 27018 requires for transparency, consent, and customer ownership of data.

ISO/IEC 42001

AI Management System

The first international standard for AI governance. We run a documented AI Management System covering risk, lifecycle, transparency, and human oversight for every agent.

ISO 9001

Quality Management

Our processes for delivery, support, and continuous improvement are certified to the world's most adopted quality standard, so service quality is measured, not promised.

ISO/IEC 20000-1

IT Service Management

Change, incident, problem, and service-level management are run to ISO 20000-1, so production changes are controlled and customer-impacting events are tracked end to end.

ISO 22301

Business Continuity Management

We maintain tested business continuity and disaster-recovery plans so the platform keeps serving customers through disruption, with documented recovery objectives.

EU Regulatory Readiness

Compliant with the laws that matter in Europe.

Our control framework maps to the EU AI Act, GDPR, NIS2, and DORA. Here is what that means in practice for your security and procurement teams.

EU AI Act

Regulation (EU) 2024/1689

Aligned

Sets the EU's risk-based rules for AI systems and General-Purpose AI models, including transparency, oversight, and documentation duties.

  • Risk classification of every agent use case
  • End-user disclosure: callers are told they are speaking with an AI
  • Human-in-the-loop on high-impact actions
  • Technical documentation, model cards, and incident logs kept current
  • Aligned with our certified ISO/IEC 42001 AI Management System

GDPR

Regulation (EU) 2016/679

Aligned

Governs all processing of personal data of people in the EEA, with strict rules on lawful basis, purpose limitation, transparency, and data subject rights.

  • Lawful-basis register and Records of Processing maintained
  • Data Protection Officer appointed (Camelia Naluca)
  • DPIA performed on AI processing activities
  • EEA-first hosting; SCCs for any sub-processor outside the EEA
  • Data subject request workflow with 30-day SLA

NIS2 Directive

Directive (EU) 2022/2555

Aligned

Raises the EU baseline for cybersecurity of essential and important entities, including digital service providers and their supply chains.

  • ISO 27001 controls mapped to NIS2 Article 21 measures
  • 24-hour significant-incident notification workflow
  • Supply-chain risk assessment for every sub-processor
  • Annual penetration testing and continuous vulnerability management
  • Board-level reporting on cybersecurity posture

DORA

Regulation (EU) 2022/2554

Ready

Digital Operational Resilience Act for the EU financial sector, including the ICT third-party providers that serve regulated entities.

  • ICT risk management framework documented
  • Third-party ICT register, including sub-processors and tooling
  • Resilience testing schedule with threat-led scenarios
  • Incident classification ready for financial-sector customer reporting
  • Contractual building blocks aligned with DORA Article 30

How we prove it

Independent, recurring, transparent.

Independent audits

Annual surveillance audits by an accredited certification body, with three-year recertification cycles for every ISO standard.

Penetration testing

External penetration tests run annually and on every major release, with remediation tracked against severity and SLA.

Sub-processor transparency

Every sub-processor we use is published, with location and purpose. Customers are notified before any material change.

Documents & requests

Everything your security team will ask for.

We respond to security questionnaires and document requests from prospective and active customers. Email security@opticomm.ai or legal@opticomm.ai.

  • ISO certificates (PDF): email request
  • Statement of Applicability (under NDA): email request
  • Latest penetration-test executive summary: email request
  • Data Processing Agreement: self-serve at /dpa
  • Sub-processor list: self-serve at /subprocessors
  • AI transparency statement: self-serve at /ai-transparency

Need something specific for your security review?

We are used to enterprise procurement and regulated industries. Tell us what you need and we will get back within one business day.
