# Compliance & Certifications
Witboost is built and operated within an Integrated Management System aligned with international security and privacy standards.
## Certifications & Standards
| Standard | Status | Details |
|---|---|---|
| ISO 27001 | Aligned | Information Security Management System |
| SOC 2 Type II | Aligned | Security, Availability, Confidentiality |
| GDPR | Compliant | EU General Data Protection Regulation |
| EU AI Act | Compliant | Minimal-risk classification |
## Security & Privacy Assessments
Agile Lab regularly undergoes third-party assessments:
| Assessment | Frequency |
|---|---|
| Third-Party Penetration Testing | Annual + on significant releases |
| Vulnerability Scanning | Continuous |
| Security Architecture Review | Annual |
| Privacy Impact Assessment | Per-feature during development |
| Sub-Processor Security Evaluation | Ongoing |
Reports and evidence are available upon request under NDA.
## Integrated Management System
Agile Lab operates an Integrated Management System (IMS) that includes:
- Information Security Policies — Comprehensive policies covering access control, asset management, cryptography, communications security, and incident management
- Risk Management — Systematic identification, assessment, and treatment of security and privacy risks
- Incident Response — Documented incident response procedures with defined roles, escalation paths, and communication plans
- Business Continuity — Business continuity management aligned with ISO 22301 principles
- Supplier Management — Security requirements for all suppliers and sub-processors
## Employee Security
| Control | Implementation |
|---|---|
| Background Checks | Pre-employment screening for all personnel |
| Security Training | Mandatory security awareness training for all employees |
| Confidentiality | All personnel bound by confidentiality agreements |
| Code of Conduct | Company-wide code of conduct enforced |
| Acceptable Use | Clear acceptable use policies for all systems and data |
## Regulatory Compliance
### GDPR (EU 2016/679)
- Data Protection Officer designated under Article 37
- Privacy by Design and by Default (Article 25)
- Records of Processing Activities maintained (Article 30)
- Data Processing Agreements with all sub-processors (Article 28)
- 72-hour breach notification capability (Article 33)
- Cross-border transfer safeguards via SCCs (Chapter V)
### EU AI Act (Regulation 2024/1689)
See AI Governance for full details on Witboost's AI Act compliance posture.
## Due Diligence Package
For enterprise customers conducting security reviews, Agile Lab provides a comprehensive due diligence package including:
- Security architecture documentation
- Penetration test executive summary
- Completed security questionnaires (CAIQ, SIG, custom)
- Privacy and data processing documentation
- Sub-processor list
- Business continuity plan summary
- Incident response plan summary
Contact security@agilelab.it to request the package.