Compliance

EU General Data Protection Regulation. SentriKat acts as data processor for SaaS customers; an on-premises deployment processes no personal data externally.

Swiss Federal Act on Data Protection. Equivalent safeguards to GDPR, applied to Swiss and EU residents.

Articles 12 (EU vulnerability database) and 21 (risk-management measures). SentriKat ships signed NIS2 gap reports out of the box.

Digital Operational Resilience Act. SentriKat supports ICT risk management and third-party register reporting for regulated financial entities.

Information Security Management System. Gap assessment complete, external certification audit scheduled.

Security, availability, and confidentiality Trust Services Criteria for the SaaS platform.

Mandatory from 11 September 2026. SentriKat publishes CycloneDX and SPDX SBOMs for every release and tracks vendor advisories for embedded components.

Known Exploited Vulnerabilities catalog. SentriKat ingests the CISA KEV feed daily and ships signed BOD 22-01 reports.

Relevant controls for vulnerability management (Req. 6, 11). SentriKat exports evidence in JSON and PDF with HMAC-SHA256 integrity.