Trust Center

Audit-ready,
every day of the year.

Browse the certifications, controls, and documents behind every Netsec service. Compliance is not an annual project here. It is the operating system. Reports below are continuously refreshed and available on request.

3 + 1
Active + planned
99.99%
Production uptime
24/7
SOC coverage
EU
Primary residency
Approach

Compliance as an operating system, not a project.

Every Netsec control is evidenced, owned, and reviewed on a fixed cadence. That is what lets us hand a security questionnaire back to your team within one business day, not three weeks.

Continuous monitoring

Evidence for every control is collected daily by automated tooling. Control drift opens a ticket for the operator on call, not a yearly scramble before audit week.

One accountable owner

Compliance, security, and IT roll up to a single CISO function. No passing tickets between auditor, MSP, and compliance vendor.

Customer-grade evidence

If your auditor asks for it, we have it ready: control matrix, risk register, last access review, last DR test outcome, and the change-management trail.

Certifications

Externally audited. Independently signed.

Each active certification listed below is held by Netsec (Barbican SAS) and issued by an accredited third party; SOC 2 Type II is in progress, and GDPR is a regulatory programme reviewed internally rather than a certificate. Audit reports are available under NDA.

  • ISO/IEC 27001

    Information Security Management

    Active

    Independent attestation that Netsec operates a documented Information Security Management System covering risk, access, cryptography, supplier, and incident controls across the full service.

    Last audit
    Audited Mar 2026
  • ISO 9001

    Quality Management

    Active

Continuous improvement, customer focus, and process discipline, externally certified. Drives our SLAs, change management, and the way we measure operator performance.

    Last audit
    Audited May 2026
  • SOC 2 Type II

    Trust Services Criteria

    Planned

    AICPA report covering Security, Availability, and Confidentiality criteria over a rolling 12-month observation window. Readiness assessment complete; the observation window opens in Q4 2026 with an independent CPA firm.

    Last audit
    Planned for Q4 2026
  • GDPR

    EU 2016/679 alignment

    Active

    Full GDPR programme: lawful-basis register, data-mapping, DPIA workflow, breach 72-hour drill, and a signed DPA template ready before contract.

    Last audit
    Reviewed quarterly
Controls

Six domains, always on.

Our control matrix maps every requirement from ISO 27001 Annex A and the SOC 2 Trust Services Criteria. Below is the human version.

01

Data protection

Customer data is encrypted at rest (AES-256) and in transit (TLS 1.2/1.3). Tenant isolation is enforced at the storage layer, and backups are encrypted under a separate key hierarchy from production data.

  • AES-256 at rest, TLS 1.2/1.3 in transit
  • Per-tenant encryption keys
  • Daily backups, 30-day retention
02

Identity & access

Zero-trust posture with hardware-backed MFA for every operator. Production access is JIT, brokered through a privileged-access workflow, and recorded.

  • FIDO2 hardware keys mandatory
  • Just-in-time privileged access
  • Quarterly access reviews
03

Infrastructure

EU-hosted on tier-1 hyperscalers with redundancy across two availability zones. Infrastructure declared in code; every change traceable to a reviewed pull request.

  • EU primary region, multi-AZ
  • Infrastructure-as-Code, peer-reviewed
  • Hardened baseline images
04

Vulnerability management

Continuous scanning of code, containers, and cloud configuration. Patch SLAs are fixed by severity, and the production scope is penetration-tested by an independent third party.

  • SAST + SCA + secret scanning on every PR
  • Critical patches in 1 day, high in 3, medium in 7
  • Annual external pentest + red team
05

Incident response

24/7 SOC paged through redundant channels. Tier-1 acknowledgement under 15 minutes, with a 72-hour breach-notification clock that maps directly to GDPR Art. 33.

  • 24/7 monitoring, named on-call operator
  • MTTR median under 14 minutes
  • GDPR Art. 33 breach playbook
06

Resilience & continuity

Documented BCP and DR plans, tested twice a year against measurable RTO/RPO targets. Runbook outcomes are filed in our quality system, not just the wiki.

  • RTO 4h / RPO 1h on production
  • Semi-annual failover exercises (twice a year)
  • Tabletop drills tied to ISO 22301
Document library

Everything your auditor will ask for.

Public documents are downloadable below. Audit reports and tested plans are shared under NDA. Request access and we will deliver the latest version within one business day.

Reports

Audit reports and third-party attestations.

  • ISO 27001 certificate

    PDF · Public

    Latest signed certificate from our accredited auditor, including scope statement and validity period.

  • ISO 9001 certificate

    PDF · Public

    Quality Management System certification covering our service delivery scope.

Policies

ISMS policies that govern day-to-day operations.

  • Information Security Policy

    PDF · NDA

    Top-level ISMS policy ratified by the leadership team. Reviewed annually.

  • Business Continuity & Disaster Recovery plan

    PDF · NDA

    Tested response procedures, RTO/RPO targets, and last exercise outcome.

  • Acceptable Use Policy

    PDF · NDA

    Operator code of conduct: data handling, device hygiene, AI tooling rules.

Legal

Contracting templates and processor disclosures.

  • Data Processing Agreement (DPA)

    PDF · NDA

    GDPR-compliant DPA template with EU Standard Contractual Clauses pre-attached.

  • List of subprocessors

    PDF · NDA

    Up-to-date register of every subprocessor with role, location, and safeguard.

Talk to security

A specific question?
You will get a specific answer.

Security questionnaires, custom DPAs, vendor onboarding. Write to us and we will route you to the operator who can sign on the line.