Skip to content

Security & compliance

Compliance is built into how we operate.

From data governance to independent audits, we hold ourselves to the standards our customers must meet. That's why the most regulated industries trust us.

  • ISO/IEC 27001:2022 certification

    ISO/IEC 27001:2022

    We're ISO 27001 certified, with audited controls across our information security management system. All systems use strict change management, access control, and continuous monitoring, validated annually.

  • GDPR compliant

    GDPR

    We operate under full GDPR oversight with strict data-minimization, encrypted in transit and at rest, access governance, and auditability across all processing. All data handling follows EU privacy requirements.

Responsible AI

Aligned with the requirements of the EU AI Act.

We summarise and surface policy signals. You decide what they mean and what to do next. Our design choices follow the AI Act's principles for transparency, human oversight, and data governance.

  • Human oversight by design

    Prismos surfaces and summarises; your team decides. Nothing is flagged, ranked, or acted on without a person in the loop.

  • Transparent, traceable outputs

    AI-generated content is labelled and links back to the source, so you can always verify what the model saw.

  • Governed data and models

    Your data is never used to train third-party models. We document every provider we rely on and restrict who can reach your data.

Questions that come up in security reviews.

  • Where is our data hosted?

    All data is stored within the European Union.

  • Do you use our data to train AI models?

    No. Your data is never used to train our own or third-party models. Model providers process content only to return results to you, under contractual data-protection terms.

  • Are you ISO 27001 certified, and can we see the certificate?

    Yes. Prismos is ISO/IEC 27001:2022 certified and audited annually. The certificate is available on request through our Trust Center.

  • Will you sign a Data Processing Agreement?

    Yes. We provide a GDPR-compliant DPA covering processing scope, sub-processors, security measures, and data-subject rights.

  • Who are your sub-processors?

    We maintain a documented, up-to-date list of sub-processors in our Trust Center, and notify customers of material changes.

  • Can we conduct our own security review?

    We welcome security questionnaires and can arrange a technical briefing with our team.

Talk to the team

Talk to us about your security requirements.

A 30-minute session with the team to walk through our controls, answer your security questionnaire, and map Prismos to your compliance needs.

Need the paperwork?

Get the security documentation.

Visit our Trust Center for the ISO 27001 certificate, sub-processor list, and data processing agreement.