Compliance and Verified Security

Certification

Our commitment to security is validated by independent audits and adherence to stringent international standards. This provides verifiable assurance that the platform is a secure and reliable foundation for your applications.

ISO 27001 Certified

Our platform and management processes are ISO 27001 certified. This certification confirms we have implemented a comprehensive Information Security Management System (ISMS) and are committed to continuously improving our security posture, providing you with independently audited assurance. Our ISMS also aligns with key principles from other robust security frameworks, such as ISA/IEC 62443, to provide defense-in-depth security suitable for critical environments.

ISAE 3402 Type II & ISAE 3000

Our operational controls are independently audited, and we can provide both ISAE 3402 Type II and ISAE 3000 reports.

  • ISAE 3402 Type II: This report provides assurance over the design and operational effectiveness of our internal controls over time, which is particularly relevant for customers with financial reporting requirements.
  • ISAE 3000: This report offers assurance over non-financial information, covering our controls related to data privacy and GDPR compliance.

These reports provide independent verification that our processes meet stringent international standards for security and data handling.

NIS2

We help you build NIS2-compliant solutions. Our secure software supply chain, rigorous vulnerability management, and focus on operational resilience ensure the platform meets the heightened security requirements for critical infrastructure and essential services outlined in the NIS2 directive.

Tier III Datacenters

The physical infrastructure housing the Contain Platform is designed to meet Tier III standards. This ensures high availability and resilience through N+1 redundancy for power and cooling, as well as concurrently maintainable infrastructure. This design means that individual components can be removed for maintenance without impacting the availability of your services. This design also aligns with the European standard DS/EN 50600 for datacenter facilities and infrastructure.

GDPR

The platform is designed with data protection in mind, enabling you to meet your GDPR obligations. With features supporting data sovereignty, you control exactly where your data resides. Our commitment to data protection by design and by default provides a strong foundation for your own compliance efforts.

SBOM (Software Bill of Materials)

We provide full transparency into our software supply chain through the use of SBOMs. An SBOM is a complete, formally structured list of components, libraries, and modules that are used to build our platform. This allows for transparent vulnerability tracking and risk management.