Trust Center

Our Commitment to Information Security and Data Protection

Highest standards in information security and data protection.

Security & Compliance at VamiSec

Transparency is the foundation for trust. Here you will find all information about our certifications, management systems, and security policies.

ISO 27001: ISMS certified (DAkkS)
ISO 42001: AI Management System
GDPR: Fully compliant
AI Act: EU-regulated
CRA: Product security compliant
NIS2: Cyber resilience compliant
DAkkS-accredited certification · Integrated management system · Continuous improvement · Hosting in the EU
Proks Certification — ISO/IEC 27001 Certified
Certified

ISO/IEC 27001 certified – by DAkkS-accredited body

VamiSec has successfully completed ISO/IEC 27001 certification through a DAkkS-accredited certification body. This confirms the effectiveness of our Information Security Management System at the highest level.

DAkkS-accredited · Annual surveillance audits · All business processes in scope
Certifications & Standards

Our Management Systems & Compliance

VamiSec actively maintains certified management systems and meets the most important European regulations.

ISO/IEC 27001

Information Security Management System (ISMS)

VamiSec operates a fully implemented and certified ISMS according to ISO/IEC 27001. Certification is carried out by a DAkkS-accredited certification body and maintained through regular surveillance audits.

DAkkS-certified · Actively maintained

ISO/IEC 42001

AI Management System (AIMS)

VamiSec maintains an AI Management System per ISO/IEC 42001 for the responsible, ethical, and secure use of AI systems — from risk assessment through governance to continuous monitoring.

Implemented · Actively maintained

GDPR

General Data Protection Regulation

VamiSec meets all requirements of the EU General Data Protection Regulation. Our processes, systems, and contracts are fully GDPR-compliant.

Fully compliant

EU AI Act

European AI Regulation

VamiSec consistently aligns its AI-powered products and services with the requirements of the EU AI Act — including risk classification, transparency obligations, and technical documentation.

Compliant

Cyber Resilience Act (CRA)

Product security for digital products

Our products meet the requirements of the EU Cyber Resilience Act. VamiSec implements security-by-design, systematic vulnerability management, and security updates throughout the entire product lifecycle.

Compliant

NIS2 Directive

EU Directive for Network and Information Security

VamiSec meets the requirements of the NIS2 Directive (EU 2022/2555) and consistently implements the resulting obligations — including risk management, reporting duties, supply chain security, governance structures, and cyber resilience measures.

Compliant
Public Documents

Freely Available Downloads

The following guidelines and statements are available for download without registration.

Information Security Policy

PDF · Public · Current Version

Overarching information security policy with strategic direction, objectives, and principles of the ISMS at VamiSec.

AI Security & Compliance Policy

PDF · Public · Current Version

Policy for the secure and responsible use of AI systems including governance, risk management, ethics, and regulatory requirements.

Statement of Applicability (SoA) – ISO 27001

PDF · Public · Annex A Controls

Statement of applicability of controls from Annex A of ISO/IEC 27001 including justification for selection or exclusion of individual controls.

Statement of Applicability (SoA) – ISO 42001

PDF · Public · AI Controls

Statement of applicability of controls from ISO/IEC 42001 for the AI Management System including implementation status and justification.

Restricted Documents

Additional Policies & Guidelines

We are happy to provide the following documents upon request. For security reasons, we only provide detailed internal policies after prior review and upon legitimate request.

ISMS Policies – ISO/IEC 27001

Policy and Context – Information Security Organization · Asset Management · Remote Work · Business Continuity Management · Continuous Improvement · Data Backup and Recovery · Data Loss Prevention · Document Control · Identity and Access Management · Incident and IT Emergency Management · Information and Asset Handling · Information Compliance Management · Information Security in HR Processes · Information Security · ISMS Scope · IT Operational Security · Management Review · Network Security · Physical Security · Risk Management · Roles and Committees Structure · Secure Software Development · Security in Project Management · Service Provider and Supplier Management · Threat Intelligence · Use of AI Systems · Use of Cloud Services · Use of Cryptographic Methods

AIMS Policies – ISO/IEC 42001

Policy and Context – AI Management Organization · AI Asset Management · AI Risk Management · AI Ethics and Responsible Use · AI Data Quality and Data Management · AI System Lifecycle Management · AI Transparency and Explainability · AI Impact Assessment · AI Incident and Emergency Management · AI Compliance Management · AI Continuous Improvement · AI Management Review · AIMS Scope · AI Roles and Committees Structure · AI Service Provider and Supplier Management · AI Document Control · AI Human Oversight · AI Model Validation and Testing

PIMS Policies – Data Protection / GDPR

Policy and Context – Privacy Information Organization · Personal Data Asset Management · Data Subject Rights Management · Privacy Impact Assessment (DPIA) · Data Breach Notification · Privacy by Design and Default · Consent Management · Data Retention and Deletion · International Data Transfers · Data Processing Agreements · Privacy Compliance Management · Privacy Roles and Committees Structure · Privacy in HR Processes · PIMS Scope · Privacy Document Control

CSMS Policies – Cyber Security Management System

Policy and Context – Cyber Security Organization · Cyber Asset Management · Cyber Risk Management · Cyber Threat Intelligence · Cyber Incident and IT Emergency Management · Vulnerability Management · Cyber Network Security · Cyber Identity and Access Management · Endpoint and Device Security · Cyber Business Continuity Management · Secure Software Development · Cyber Data Backup and Recovery · Cyber Use of Cryptographic Methods · Cyber Physical Security · Cyber Service Provider and Supplier Management · Cyber Compliance Management · CSMS Scope · Cyber Roles and Committees Structure · Cyber Continuous Improvement · Cyber Management Review · Cyber Document Control
Contact

Documents Request

Fill out the form and we will provide you with the requested documents after review.

Protect Your Organization Now!

Contact us for personalized consulting and a security solution tailored to your requirements.

Valeri Milke, CEO of VamiSec

“Only when all instruments are well-coordinated will your organization be secure and compliant.”