Enterprise Grade Security Header Bg

Trust. Security. Compliance

Enterprise-grade security and compliance

RegASK schützt Ihre Daten durch strenge Kontrollen, kontinuierliche Überwachung und bewährte Compliance-Frameworks, die an globalen Standards ausgerichtet sind.

Contact Security Team

standards

A frame of recognized standards

Our certifications are not decorative. Each is maintained continuously, audited by independent third parties, and renewed against the most current revisions.

Datenschutzinformationsmanagementsystem (PIMS)

ISO 27701

Managementsystem für künstliche Intelligenz (AIMS)

ISO 42001

Informationssicherheitsmanagement

ISO 27001

Schutz personenbezogener Daten in öffentlichen Clouds

ISO 27018

Sicherheit, Verfügbarkeit und Vertraulichkeit

SOC 2 TYPE II

Einhaltung der Datenschutz-Grundverordnung

DSGVO

Sustainability ratings for companies

EcoVadis

Security principles

Encryption everywhere

Daten werden während der Übertragung (TLS) und im Ruhezustand (AES‑256) verschlüsselt. Geheimnisse werden zentral verwaltet und rotiert.

Least-privilege access

RBAC, SSO und bereichsbezogene API-Schlüssel. Administratoraktionen werden protokolliert und überprüft.

Hardened infrastructure

Netzwerksegmentierung, WAF, verwaltetes Kubernetes und regelmäßiges Patchen.

Compliance by design

Unterstützt durch zertifizierte ISMS- und KI-Managementprozesse. Kontinuierliche Kontrollüberwachung.

Resilience and continuity

Tägliche Backups und getestete Playbooks zur Notfallwiederherstellung.

Secure development

Statische/dynamische Tests, Peer-Reviews und Abhängigkeitsscans in CI.

Enterprise-Sicherheitsfunktionen

SSO

SAML/OIDC SSO for centralized authentication

SCIM provisioning

Automated user lifecycle with SCIM for quick onboarding and off-boarding

Audit logging

Comprehensive admin and data access logs with immutable trails

Encryption management

TLS 1.2+ in transit, AES‑256 at rest, managed keys with rotation

Network protection

WAF, DDoS protection, rate limiting and network segmentation

Vulnerability managment

Continuous scanning and regular 3rd‑party penetration tests

Ownership

You retain full ownership of your data at all times. We process it on your behalf – and only as you direct.

Retention

Configurable retention windows, governed by your policies. Verifiable deletion on request.

AI use

Only approved model providers, governed by ISO/IEC 42001. Your data is never used to train or fine-tune any AI model.

Residency

Transparent sub-processor inventory and regional hosting options aligned to your jurisdiction.

Your data is yours, always

Frequently asked questions

CONTROLS

Security controls and policies

Sample of our comprehensive security framework – full documentation available on demand

Product security

  • Situational awareness for incidents
  • Vulnerability remediation process
  • Centralized management of flaw remediation

Data security

  • Encrypting data at rest
  • Inventory of infrastructure assets
  • Data backups

Network security

  • Impact analysis
  • Limit network connections
  • External system connections

App security

  • Conspicuous link to privacy notice
  • Secure system modification
  • Application security testing

Corporate security

  • Code of business conduct
  • Security & privacy awareness
  • Performance review

Vertrauenswürdige Infrastruktur

Amazon Web Services

Microsoft Marketplace

Google Cloud

NVIDIA

Certifications listed reflect RegASK’s advanced security posture and may be subject to validation under NDA upon request.
For current policies, controls, and documents, contact us to gain access to our comprehensive Trust Center.

Trust Center

Want to look deeper?

Our Trust Center contains current audit reports, control evidence, sub-processor disclosures, and policy documentation. We share it with prospects and customers under NDA – typically within one business day of request.