Where is my validation data physically hosted?

PrismaSec follows a European-oriented approach for platform data. Contractual hosting and subprocessor details are confirmed during customer scoping.

How do you test the security of your own platform?

We apply the same scope reduction, logging, and finding-review principles to our own platform. Available security material is shared during compliance conversations.

Who can access data from my security campaigns?

Access is tied to your company workspace, user roles, and support needs. Sensitive actions are designed to be traceable and limited to the required scope.

What is your data retention policy?

Retention depends on the contracted platform and report configuration. PrismaSec separates operational evidence, generated reports, and audit or security events.

Do you use subprocessors to process my data?

Applicable subprocessor information is shared during contractual scoping and compliance reviews.

Built for Trust.

PrismaSec helps teams document exposures, remediation evidence, and GDPR, ISO 27001, and NIS2 summaries from verified public assets.

Tracked frameworks

Compliance summary

Active

RGPD / GDPR

EU data · remediation evidence

Supported

Reg. 2016/679

ISO 27001

Controls and risk summaries

Mapped

ISO/IEC 27001:2022

Directive NIS 2

Exposure, incidents, and remediation

Prepared

EU 2022/2555

Regulatory frameworks

Frameworks tracked in the platform

PrismaSec helps connect findings, evidence, reports, and remediation to GDPR, ISO 27001, and NIS2 reviews.

GDPR & Privacy

Tracking verified public assets and reports supports conversations about processing security and scope minimization.

Authorized and verified analysis scope
Remediation evidence and report history
Support for processing-security reviews
Data- and security-purpose oriented view

NIS 2 Directive

The platform supports proactive vulnerability management, alert handling, and remediation prioritization.

Continuous risk assessment
Auditable executive reports
Alerts and handling notes
Retests to confirm fixes

ISO 27001 aligned

Technical findings, controls, and remediation evidence help prepare vulnerability and access-management reviews.

Technical vulnerability tracking
Verified asset inventory
Documented correction priorities
Reports for audit conversations

Platform capabilities

Usable evidence for your controls

The platform connects verified assets, findings, reports, alerts, and retests to support GDPR, ISO 27001, and NIS2 reviews.

Data and scope

Checks stay limited to authorized public assets verified by your teams.

Verified domains, web apps, and APIs
DNS TXT or HTTP file challenges to confirm ownership
Infrastructure scopes handled through expert services

Transparency

Frequently asked questions

Clear answers about data, validation scope, and available evidence.

Additional question

Have another question about security or compliance?

Contact the PrismaSec team to get an answer tailored to your context, scope, and internal requirements.

Contact the team

Built for Trust.

Compliance summary

Frameworks tracked in the platform

GDPR & Privacy

NIS 2 Directive

ISO 27001 aligned

Usable evidence for your controls

Data and scope

Access and governance

Reports and remediation

Audit and alerts

Data and scope

Frequently asked questions

Where is my validation data physically hosted?

How do you test the security of your own platform?

Who can access data from my security campaigns?

What is your data retention policy?

Do you use subprocessors to process my data?

Have another question about security or compliance?

Built for Trust.

Compliance summary

Frameworks tracked in the platform

GDPR & Privacy

NIS 2 Directive

ISO 27001 aligned

Usable evidence for your controls

Data and scope

Access and governance

Reports and remediation

Audit and alerts

Data and scope

Frequently asked questions

Where is my validation data physically hosted?

How do you test the security of your own platform?

Who can access data from my security campaigns?

What is your data retention policy?

Do you use subprocessors to process my data?

Have another question about security or compliance?