Trust Center
Security and compliance are part of CONVOTIS’s DNA.
Here you can gain an insight into the principles underpinning CONVOTIS’s structured approach to architecture, operations and governance. Security requirements, regulatory guidelines and technical controls are all interlinked – from cloud architectures and security concepts to AI governance and compliance.
Ensure transparency.
Provide verifiable evidence of security and compliance.
Digital systems are facing increasing demands in terms of security, regulatory requirements and technical control. At the same time, reliance on cloud services, platforms and data flows is growing.
For CONVOTIS, this means designing the architecture, operations and governance from the outset in such a way that control, traceability and clear responsibilities are guaranteed in the long term. These principles are underpinned by structured security concepts, defined compliance frameworks and verifiable evidence in operations.
CONVOTIS operates cloud environments based on data centres in the EU and Switzerland, ensuring control across all levels of the digital stack.
Infrastructure, platform services and identity systems are specifically integrated so that data processing, access and dependencies on external services are technically controlled and transparently mapped.
In addition to regulatory requirements, the architecture also takes into account legal factors such as the US CLOUD Act and ensures that access is clearly controlled, restricted and implemented in a traceable manner.
Control over key layers such as identity, APIs and operating models creates the foundation for stable operations and a clear regulatory classification.
Security is an integral part of the architecture and is implemented across all levels – from identity and access through to platform services, monitoring and operations.
CONVOTIS embeds security mechanisms directly into the control plane: access is centrally managed, system statuses are continuously monitored and policies are consistently enforced.
Implementation is based on established standards such as ISO 27001 and SOC 2, as well as regulatory requirements such as NIS2. This is complemented by clearly defined controls, audit structures and end-to-end risk management during operations.
AI is integrated into clear governance, control and jurisdictional structures.
CONVOTIS integrates AI services into existing security, operational and governance models and regulates access to data, models and interfaces via centralised identity, policy and control mechanisms.
Data flows, training processes and model decisions are systematically controlled, monitored and documented throughout the entire lifecycle.
In addition to established standards such as ISO 27001 and SOC 2, the architecture also takes into account regulatory requirements and legal factors such as the US CLOUD Act, in order to technically prevent and clearly limit uncontrolled access by third countries.
Commitment to robust digital solutions.
As an IT service provider in Europe, we bear responsibility for the stability, security and integrity of the digital solutions we develop and operate for our clients.
This responsibility begins with the architecture and continues through to operations. Clear governance structures, defined standards and controlled operating models form the basis for robust and sustainable solutions.
Trust is built through consistent implementation, transparent structures and the ability to operate digital systems in a controlled manner at all times.
/ José Lopez
Group CEO
Security and control in the workplace.
As CISO, I am responsible for the security of the systems, data and processes that we operate on behalf of our clients.
Our security architecture is based on clear standards, continuous risk management and defined control mechanisms.
Technical controls, monitoring and incident response are firmly embedded in our operations and ensure the traceability and resilience of our solutions. Security is continuously reviewed and enhanced to address current threats and regulatory requirements.
This Trust Center provides an insight into our security measures, policies and documentation.
Certifications, data protection and policies
Here you will find certifications, data protection requirements and policies that ensure safe and compliant operations.
Germany / Austria
Documentation in accordance with the applicable regulatory and data protection requirements.
Switzerland
Documentation in accordance with the applicable regulatory and data protection requirements.
Spain
Documentation in accordance with the applicable regulatory and data protection requirements.
Germany / Austria
Implementation in accordance with the applicable data protection and organisational requirements.
Switzerland
Implementation in accordance with the applicable data protection and organisational requirements.
Spain
Implementation in accordance with the applicable data protection and organisational requirements.
Certain documents, such as SOC 2 reports, are not publicly available for security reasons and are provided on request.
Do you have any questions about security, compliance or architecture?
Get in touch with us.
Whether it’s certifications, data protection requirements or architectural issues: we help you analyse requirements in a structured way, clarify dependencies and make informed decisions.