Compliance Ready
Built-in compliance for GDPR, NIS2, and SOC2 requirements
GDPR Compliance
Full compliance with the General Data Protection Regulation (EU 2016/679)
| Article | Requirement | Implementation | Status |
|---|---|---|---|
| Art. 15 | Right of Access | Data export endpoint for subject requests | Implemented |
| Art. 17 | Right to Erasure | Hard delete with verification and audit | Implemented |
| Art. 25 | Privacy by Design | Encryption + IP pseudonymization built-in | Implemented |
| Art. 32 | Security Measures | TLS, RBAC, AES-256-GCM encryption | Implemented |
| Art. 4.5 | Pseudonymization | IP address encryption module | Implemented |
NIS2 Compliance
Compliance with the Network and Information Security Directive (EU 2022/2555)
Risk Analysis
Security measures based on comprehensive risk analysis with documented controls
Incident Response
Webhook alerting for rapid incident detection and response automation
Business Continuity
Raft cluster with automatic failover ensures continuous operation
Supply Chain Security
SBOM generation and CVE scanning for dependency management
Security by Design
RBAC, mTLS, and multi-layer security architecture built-in
Cryptography
TLS 1.2+, AES-256-GCM, RSA-SHA256 signatures throughout
SOC2 Type II Ready
All five Trust Service Criteria implemented and documented
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
Key Controls Implemented
Audit Capabilities
Comprehensive audit logging for regulatory compliance
Audit Log Features
- Immutable JSON Lines format
- HMAC-SHA256 signatures
- Configurable retention periods
- Tamper detection
- ELK/Loki integration ready
Tracked Events
- Authentication attempts (success/failure)
- Configuration changes
- Client connections/disconnections
- Administrative actions
- Security events (rate limits, anomalies)
Need compliance documentation?
Contact us for detailed compliance matrices and control documentation.