Security & Compliance

Enterprise-grade security built into every layer

Your supply chain data is among the most sensitive information your organization holds. We treat it that way — with encryption, access controls, and audit trails at every step.

Compliance posture

We design our controls to meet the requirements of the most demanding compliance frameworks.

SOC 2 Road Map

Security controls designed and documented for SOC 2 Type II certification. Audit in progress.

In Progress

ISO 27001 Aligned

Information security management practices following the ISO 27001 international standard.

In Progress

GDPR Compliant

Full EU data protection compliance including data residency options and right-to-erasure support.

Active

Regulatory framework alignment

Attensus is designed to support the compliance obligations of regulated industries. Below is how our platform maps to key EU and international frameworks.

NIS2 Directive

EU Network and Information Security

The NIS2 Directive requires operators of essential services and digital service providers to implement supply chain security measures and report significant incidents. Attensus supports NIS2 compliance by providing auditable evidence of supplier risk assessments, incident tracking with documented response timelines, and exportable reports suitable for competent authority submissions.

Design-Aligned

DORA

Digital Operational Resilience Act

DORA mandates that financial entities maintain ICT third-party risk registers, conduct concentration risk assessments, and document business continuity plans. Attensus directly addresses these requirements: our concentration risk analysis flags single-source and geographic dependencies, while our supplier register and event logs form the audit-ready evidence trail DORA requires.

Design-Aligned

ISO 28000

Supply Chain Security Management

ISO 28000 specifies requirements for a security management system for the supply chain, including threat and risk assessment across the full supplier network. Attensus supports ISO 28000 implementation by providing multi-tier dependency mapping, structured risk assessments per node, and a documented incident management workflow — all exportable for certification reviews.

Design-Aligned

ISO 31000

Risk Management

ISO 31000 provides principles and guidelines for risk management applicable across any organization or sector. Attensus operationalizes the ISO 31000 risk management process — identify, assess, evaluate, treat, monitor — through structured risk registers, coverage matrices, mitigation tracking, and continuous monitoring of the supplier landscape, giving risk managers a single system of record.

Design-Aligned

SOC 2 Type II

In Progress — Target Q4 2026

Service Organization Control 2

SOC 2 Type II is the gold standard for SaaS security assurance, covering the Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy. We have designed our controls environment to meet these criteria and are currently working toward a third-party audit. Our security controls — including access management, encryption, monitoring, and incident response — are documented and operational. We target our first SOC 2 Type II report in Q4 2026.

  • Controls documented: Complete
  • Internal audit: In progress
  • Third-party audit: Q4 2026

Need a detailed compliance mapping document? View our full compliance page or contact our team.

Security features

Defense in depth across every layer — from encryption to access controls to infrastructure monitoring.

Data Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption at rest for all database volumes
  • Encrypted database backups
  • End-to-end encrypted API calls

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Hardware-backed authentication support
  • Granular per-user permissions

Infrastructure

  • Enterprise-grade cloud infrastructure architecture
  • Automated security patching
  • DDoS protection
  • 99.9% uptime target with monitoring

Monitoring & Audit

  • Comprehensive audit logs for every action
  • Real-time security monitoring
  • Intrusion detection systems
  • Regular security assessments

Your data, your control

We take data protection seriously. All customer data is stored in secure, redundant data centers with 24/7 monitoring, backed up daily with 30-day retention, and protected by industry-leading encryption standards. Your data is never shared with third parties without explicit consent, and you can request deletion at any time (right to be forgotten).

Supply chain data is competitively sensitive. We understand this and have designed our data isolation architecture to ensure no cross-tenant data leakage is possible.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@attensus.com. We respond within 24 hours and work with you to address the issue responsibly.

Best practices for your account

Security is a shared responsibility. Here is how you can keep your Attensus organization secure.

  • Enable multi-factor authentication (MFA) for all users
  • Use strong, unique passwords and a password manager
  • Review your audit logs regularly for unusual activity
  • Limit user permissions to the minimum required for their role
  • Remove access promptly when team members leave
  • Report any suspicious activity to support@attensus.com immediately

Questions about our security posture?

Our team is happy to answer detailed security questions for enterprise evaluations.

© 2026 Attensus Intelligence Systems
