OBSΞDIΛN Security Platform
Enterprise Compliance Ready

Compliance & Security Standards

Obsedian maintains the highest levels of compliance and security standards to protect your data and meet regulatory requirements across industries and regions.

  • 6+ Certifications
  • 99.9% Compliance Score
  • 24/7 Monitoring
Last updated: September 30, 2025

Compliance Overview

At Obsedian, compliance isn't just about meeting requirements—it's about building trust through transparent security practices and robust governance. We maintain comprehensive compliance programs that align with global standards and regulations.

Our Compliance Philosophy

  • Proactive compliance management that exceeds minimum requirements
  • Continuous monitoring and improvement of security controls
  • Transparent reporting and third-party validation
  • Global compliance coverage for international operations

Certifications & Standards

We maintain multiple industry-recognized certifications and adhere to international security standards to ensure the highest level of protection for your data and operations.

SOC 2 Type II

Status: Certified
Annual examination of security, availability, and confidentiality controls
Validity: Valid through Dec 2025

ISO 27001:2013

Status: Certified
International standard for information security management systems
Validity: Valid through Jun 2026

GDPR Compliance

Status: Compliant
European Union General Data Protection Regulation compliance
Validity: Continuously monitored

CCPA Compliance

Status: Compliant
California Consumer Privacy Act requirements
Validity: Continuously monitored

HIPAA Ready

Status: Available
Healthcare data protection capabilities and controls
Validity: On-demand activation

PCI DSS

Status: In Progress
Payment Card Industry Data Security Standard
Validity: Expected Q1 2026

Certification Timeline

Recent Achievements

  • SOC 2 Type II renewed (September 2025)
  • ISO 27001 surveillance audit passed (August 2025)
  • GDPR compliance assessment completed (July 2025)
  • Security framework enhancement (June 2025)

Upcoming Milestones

  • PCI DSS Level 1 certification (Q1 2026)
  • ISO 27001 recertification (Q2 2026)
  • FedRAMP authorization (Q3 2026)
  • CSA STAR certification (Q4 2026)

GDPR Compliance

We are fully compliant with the European Union's General Data Protection Regulation (GDPR), ensuring the highest standards of data protection for our European customers and users.

Data Protection Principles

  • Lawfulness: Processing based on valid legal grounds
  • Purpose limitation: Data used only for specified purposes
  • Data minimization: Only necessary data is collected
  • Accuracy: Data is kept accurate and up-to-date
  • Storage limitation: Data retained only as long as necessary
  • Security: Appropriate technical and organizational measures

Individual Rights

  • Right of Access: Request copies of personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of personal data
  • Right to Portability: Export data in machine-readable format
  • Right to Object: Object to certain processing activities

GDPR Implementation

  • Dedicated Data Protection Officer (DPO)
  • Comprehensive data processing records
  • Privacy by design and by default
  • Data Protection Impact Assessments (DPIAs)
  • Breach notification procedures (<72 hours)

Data Transfers

We ensure adequate protection for international data transfers through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Binding Corporate Rules (BCRs)
  • Additional safeguards and assessments

Contact Our DPO

For GDPR-related inquiries, contact our Data Protection Officer:

dpo@obsedian.live

SOC 2 Type II

Our SOC 2 Type II certification demonstrates our commitment to maintaining robust controls for security, availability, processing integrity, confidentiality, and privacy protection.

Trust Service Criteria

  • Security: Protection against unauthorized access (Certified)
  • Availability: System and service availability as agreed (Certified)
  • Processing Integrity: Complete, valid, accurate processing (Certified)
  • Confidentiality: Protection of confidential information (Certified)
  • Privacy: Collection, use, retention, and disposal of personal information (Certified)

Audit Information

Audit Firm: Coalfire Systems
Audit Period: Oct 2024 - Sep 2025
Report Date: September 30, 2025
Next Audit: September 2026

Key Controls

  • Multi-factor authentication requirements
  • Encryption of data in transit and at rest
  • Regular vulnerability assessments
  • Incident response procedures
  • Change management processes
  • Business continuity planning

Audit Results

Our most recent SOC 2 Type II audit resulted in zero exceptions across all trust service criteria, demonstrating our strong control environment and commitment to security excellence.

ISO 27001

Our ISO 27001:2013 certification validates our Information Security Management System (ISMS) and demonstrates our systematic approach to managing sensitive information and security risks.

ISMS Framework

1. Plan: Establish security objectives and policies
2. Do: Implement security controls and procedures
3. Check: Monitor and measure security performance
4. Act: Improve security controls based on results

Security Controls

14 Control Categories Implemented:

Information Security Policies
Organization of Information Security
Human Resource Security
Asset Management
Access Control
Cryptography
Physical Security
Operations Security
Communications Security
System Development
Supplier Relationships
Incident Management
Business Continuity
Compliance

Certification Details

Certification Body: BSI (British Standards Institution)
Certificate Number: IS 734567
Valid Until: June 15, 2026

Risk Management

Our comprehensive risk management framework ensures systematic identification, assessment, and mitigation of security and operational risks across all business functions.

Risk Assessment Process

  • Identification: Systematic identification of potential risks
  • Analysis: Assessment of likelihood and impact
  • Evaluation: Risk prioritization and categorization
  • Treatment: Implementation of mitigation strategies
  • Monitoring: Continuous risk monitoring and review

Risk Categories

Operational Risk: Low
Technology Risk: Low
Cybersecurity Risk: Medium
Compliance Risk: Low
Financial Risk: Low
Reputational Risk: Low

Mitigation Strategies

  • Multi-layered security controls and defense in depth
  • Regular security awareness training and education
  • Continuous monitoring and threat intelligence
  • Business continuity and disaster recovery planning
  • Vendor risk management and due diligence
  • Regular penetration testing and vulnerability assessments

Risk Governance

  • Risk Committee: Quarterly risk assessment reviews
  • Executive Oversight: Monthly risk dashboard reporting
  • Board Reporting: Annual risk posture assessment

Risk Appetite

We maintain a low risk appetite for security and compliance matters, with zero tolerance for data breaches and regulatory violations.

Compliance Contact

For compliance-related inquiries, certification requests, or audit coordination, please contact our dedicated compliance team.

Compliance Team

compliance@obsedian.live
+1 (555) 123-4567 ext. 200
Obsedian Security, Inc.
123 Security Boulevard
San Francisco, CA 94105

Compliance Updates

Stay informed about our compliance status, new certifications, and regulatory updates. We regularly publish transparency reports and compliance updates.