Compliance & Certifications
Technspire maintains rigorous compliance with international standards, EU/UK regulations, and industry-specific requirements to ensure your data and operations meet the highest regulatory standards.
Our Compliance Commitment
Technspire is committed to maintaining the highest standards of regulatory compliance across all our services. Our compliance program is built on three pillars:
Proactive Compliance
Continuous monitoring and updates to meet evolving regulatory requirements
Third-Party Validation
Independent audits and certifications by accredited bodies
Transparency
Clear documentation and audit reports available to customers
Security & Privacy Certifications
ISO/IEC 27001:2022
Information Security Management System
Technspire's information security practices are aligned with ISO 27001:2022, the international standard for information security management. Our ISMS covers all aspects of data security, risk management, and continuous improvement.
Scope:
- Cloud infrastructure management
- Software development and delivery
- Managed services and support
- Training and consulting services
Audit Frequency: Annual surveillance audits by external certification body
ISO/IEC 27017:2015
Cloud Security Controls
Extension of ISO 27001 with cloud-specific security controls. Ensures our Azure-based services implement appropriate controls for cloud service providers and cloud service customers.
Key Controls:
- Shared responsibility model clarity
- Virtual machine hardening
- Cloud resource segregation
- Monitoring and logging
ISO/IEC 27018:2019
Cloud Privacy Protection
Code of practice for protection of Personally Identifiable Information (PII) in public clouds. Ensures privacy controls for customer data processed in Azure.
Privacy Commitments:
- No use of customer data for marketing
- Transparency in data processing
- Return or deletion of data upon request
- Location disclosure for data storage
SOC 2 Type II
Service Organization Controls
SOC 2 Type II audit reports demonstrate our controls are not only appropriately designed (Type I) but also operating effectively over time (Type II). Inherited from Microsoft Azure.
Trust Service Criteria:
- Security: Protection against unauthorized access
- Availability: System uptime and performance
- Processing Integrity: Complete, valid, accurate processing
- Confidentiality: Protection of confidential information
- Privacy: Collection, use, retention, disclosure of personal info
Audit Period: Annual audit covering 12-month period | Reports Available: Upon NDA
Regional Compliance (EU/UK/Sweden)
GDPR - General Data Protection Regulation (EU 2016/679)
European Union Data Protection Law
Full compliance with the EU General Data Protection Regulation, ensuring the protection of EU citizens' personal data and privacy rights.
Data Protection Measures
- Data Protection Impact Assessments (DPIA)
- Data Processing Agreements (DPA) with all processors
- EU Standard Contractual Clauses (SCCs)
- Privacy by Design & Default
Data Subject Rights
- Right of access (Article 15)
- Right to erasure (Article 17)
- Right to data portability (Article 20)
- Right to object (Article 21)
Data Breach Notification
Notification to Swedish supervisory authority (Integritetsskyddsmyndigheten - IMY) within 72 hours of becoming aware of a breach. Affected data subjects notified without undue delay if high risk to rights and freedoms.
Supervisory Authority
Integritetsskyddsmyndigheten (IMY) - Swedish Authority for Privacy Protection
Email: imy@imy.se | Website: imy.se
UK GDPR & Data Protection Act 2018
United Kingdom Data Protection Law (Post-Brexit)
UK GDPR came into effect post-Brexit, maintaining similar protections to EU GDPR with minor adjustments for the UK context. Technspire complies with both EU and UK GDPR for cross-border data transfers.
UK-Specific Compliance
- UK Adequacy Decision (EU-UK data transfers)
- International Data Transfer Agreement (IDTA)
- UK Addendum to EU SCCs for data transfers
UK Supervisory Authority
Information Commissioner's Office (ICO)
Email: casework@ico.org.uk | Website: ico.org.uk
Swedish Data Protection Act (Dataskyddslag 2018:218)
Swedish National Implementation of GDPR
Supplements the EU GDPR with Swedish-specific provisions for the processing of personal data.
Swedish-Specific Provisions
- Employee personal data processing (Chapter 3)
- Research and archiving purposes (Chapter 4)
- National identification numbers (personnummer)
NIS2 Directive (EU 2022/2555)
Network and Information Security Directive
The revised NIS Directive (NIS2) strengthens cybersecurity requirements for essential and important entities across the EU. Technspire aligns with NIS2 requirements for cloud service providers.
NIS2 Security Measures
- Risk analysis and information security policies
- Incident handling and business continuity
- Supply chain security and supplier relationships
- Cryptography and multi-factor authentication
Incident Reporting: Significant cybersecurity incidents reported to national CSIRT within 24 hours (early warning), full notification within 72 hours, final report within 1 month.
Industry-Specific Compliance
Financial Services
PCI DSS (Payment Card Industry Data Security Standard)
Level 1 compliance for payment processing via Azure
MiFID II (Markets in Financial Instruments Directive)
Data retention and audit trail requirements
DORA (Digital Operational Resilience Act)
ICT risk management for financial entities (EU)
Healthcare & Life Sciences
HIPAA (Health Insurance Portability and Accountability Act)
Azure HIPAA BAA available for US healthcare clients
Patient Data Act (Patientdatalagen 2008:355) - Sweden
Swedish healthcare data protection
EU Medical Device Regulation (MDR 2017/745)
For software as a medical device (SaMD)
Microsoft Azure Compliance Inheritance
Azure Compliance Portfolio
Technspire inherits comprehensive compliance from Microsoft Azure infrastructure
As an Azure-native service provider, Technspire benefits from Microsoft's extensive compliance certifications covering 90+ compliance offerings across global, industry, and regional standards.
Global Standards
- ISO 27001, 27017, 27018
- ISO 9001 (Quality Management)
- SOC 1, 2, 3
- CSA STAR Certification
- WCAG 2.0 (Accessibility)
EU/European
- EU GDPR
- EU Model Clauses
- ENS (Spain)
- G-Cloud (UK)
- PASF (UK)
Industry Specific
- PCI DSS Level 1
- HIPAA/HITECH
- FedRAMP (US Government)
- TISAX (Automotive)
- GxP (FDA 21 CFR Part 11)
Shared Responsibility Model: Microsoft Azure is responsible for security of the cloud (physical infrastructure, network, hypervisor). Technspire is responsible for security in the cloud (data, applications, access control, encryption). Both responsibilities are documented and audited.
Full Azure compliance documentation: aka.ms/AzureCompliance
Security Framework Alignment
NIST Cybersecurity Framework
US National Institute of Standards and Technology
Alignment with NIST CSF 2.0 core functions:
- Identify: Asset management, risk assessment
- Protect: Access control, data security, training
- Detect: Continuous monitoring, anomaly detection
- Respond: Incident response, communications
- Recover: Recovery planning, improvements
CIS Controls v8
Center for Internet Security
Implementation of CIS Critical Security Controls:
- IG1 (Basic): Essential cyber hygiene (100% implemented)
- IG2 (Intermediate): Enterprise security program
- IG3 (Advanced): Advanced threat protection
Includes inventory management, secure configuration, vulnerability management, MFA, and incident response.
Audit & Assessment Schedule
- ISO 27001 surveillance audit (external certification body)
- SOC 2 Type II audit (independent CPA firm)
- Penetration testing (third-party security firm)
- Business continuity & disaster recovery testing
- Internal security audits
- Access rights review and recertification
- Disaster recovery drills
- Vendor security assessments
- Vulnerability scans
- Security metrics review
- Compliance dashboard updates
- Security awareness training modules
- Automated security monitoring (continuous SIEM)
- Threat intelligence feeds
- Compliance automation checks
- Log analysis and alerting
Compliance Documentation
Available Documentation for Customers
Compliance evidence and audit reports upon request
Available Upon NDA:
- SOC 2 Type II audit reports
- Penetration test reports (executive summary)
- Security policies and procedures
- Business Impact Analysis (BIA)
- Disaster Recovery Plan (DRP)
Standard Documentation:
- Data Processing Agreement (DPA)
- Service Level Agreement (SLA)
- Acceptable Use Policy (AUP)
- Incident response procedures
- Azure compliance attestations
Security Questionnaires: We respond to customer security questionnaires (RFPs, vendor assessments, CAIQ, SIG, etc.) as part of our sales process. Contact compliance@technspire.com for documentation requests.
Continuous Compliance Improvement
Compliance is not a one-time achievement but an ongoing commitment. Our compliance program operates on a continuous improvement cycle (Plan-Do-Check-Act):
- Plan: Identify new regulatory requirements, assess gaps, plan remediation
- Do: Implement controls, update policies, train personnel
- Check: Internal audits, monitoring, metrics, external assessments
- Act: Corrective actions, process improvements, lessons learned
We monitor regulatory changes through industry associations, legal counsel, and Microsoft compliance updates to proactively adapt our compliance posture.
Compliance & Audit Contact
Compliance Team: compliance@technspire.com
Data Protection Officer (DPO): dpo@technspire.com
General Inquiries: admin@technspire.com
Phone: +46 722 52 52 53
Address: Markörvägen 1a, Stockholm, Sweden
For compliance documentation requests, audit reports, or to discuss specific regulatory requirements for your industry, please contact our compliance team. Response time: 2 business days.
Last Updated: January 1, 2025
This compliance page is reviewed quarterly and updated as certifications are renewed or new regulations are adopted.