Trust Center
Security and compliance are part of CONVOTIS’s DNA.

Here you can gain an insight into the principles underpinning CONVOTIS’s structured approach to architecture, operations and governance. Security requirements, regulatory guidelines and technical controls are all interlinked – from cloud architectures and security concepts to AI governance and compliance.

Ensure transparency.
Provide verifiable evidence of security and compliance.

Digital systems are facing increasing demands in terms of security, regulatory requirements and technical control. At the same time, reliance on cloud services, platforms and data flows is growing.

For CONVOTIS, this means designing the architecture, operations and governance from the outset in such a way that control, traceability and clear responsibilities are guaranteed in the long term. These principles are underpinned by structured security concepts, defined compliance frameworks and verifiable evidence in operations.

Sovereign Cloud

CONVOTIS operates cloud environments based on data centres in the EU and Switzerland, ensuring control across all levels of the digital stack.

Infrastructure, platform services and identity systems are specifically integrated so that data processing, access and dependencies on external services are technically controlled and transparently mapped.

In addition to regulatory requirements, the architecture also takes into account legal factors such as the US CLOUD Act and ensures that access is clearly controlled, restricted and implemented in a traceable manner.

Control over key layers such as identity, APIs and operating models creates the foundation for stable operations and a clear regulatory classification.

Image description
Security Architecture

Security is an integral part of the architecture and is implemented across all levels – from identity and access through to platform services, monitoring and operations.

CONVOTIS embeds security mechanisms directly into the control plane: access is centrally managed, system statuses are continuously monitored and policies are consistently enforced.

Implementation is based on established standards such as ISO 27001 and SOC 2, as well as regulatory requirements such as NIS2. This is complemented by clearly defined controls, audit structures and end-to-end risk management during operations.

Image description
AI Governance & Compliance

AI is integrated into clear governance, control and jurisdictional structures.

CONVOTIS integrates AI services into existing security, operational and governance models and regulates access to data, models and interfaces via centralised identity, policy and control mechanisms.

Data flows, training processes and model decisions are systematically controlled, monitored and documented throughout the entire lifecycle.

In addition to established standards such as ISO 27001 and SOC 2, the architecture also takes into account regulatory requirements and legal factors such as the US CLOUD Act, in order to technically prevent and clearly limit uncontrolled access by third countries.

Image description

Commitment to robust digital solutions.

As an IT service provider in Europe, we bear responsibility for the stability, security and integrity of the digital solutions we develop and operate for our clients.

This responsibility begins with the architecture and continues through to operations. Clear governance structures, defined standards and controlled operating models form the basis for robust and sustainable solutions.

Trust is built through consistent implementation, transparent structures and the ability to operate digital systems in a controlled manner at all times.

/ José Lopez

Group CEO

/ Nicola Dinic

Group CISO

Security and control in the workplace.

As CISO, I am responsible for the security of the systems, data and processes that we operate on behalf of our clients.

Our security architecture is based on clear standards, continuous risk management and defined control mechanisms.

Technical controls, monitoring and incident response are firmly embedded in our operations and ensure the traceability and resilience of our solutions. Security is continuously reviewed and enhanced to address current threats and regulatory requirements.

This Trust Center provides an insight into our security measures, policies and documentation.

Certifications, data protection and policies

Here you will find certifications, data protection requirements and policies that ensure safe and compliant operations.

Germany / Austria

Documentation in accordance with the applicable regulatory and data protection requirements.

Switzerland

Documentation in accordance with the applicable regulatory and data protection requirements.

Spain

Documentation in accordance with the applicable regulatory and data protection requirements.

Germany / Austria

Implementation in accordance with the applicable data protection and organisational requirements.

Switzerland

Implementation in accordance with the applicable data protection and organisational requirements.

Spain

Implementation in accordance with the applicable data protection and organisational requirements.

Germany / Austria

In accordance with applicable regulatory and internal operational requirements.

Switzerland

In accordance with applicable regulatory and internal operational requirements.

Spain

In accordance with applicable regulatory and internal operational requirements.

 

Certain documents, such as SOC 2 reports, are not publicly available for security reasons and are provided on request.

Do you have any questions about security, compliance or architecture?
Get in touch with us.

Whether it’s certifications, data protection requirements or architectural issues: we help you analyse requirements in a structured way, clarify dependencies and make informed decisions.

Find your solution

To top