Security & Compliance

Security Built for Regulated Environments.

portier is built for organisations that must prove who had access, when, and why.

Our information security management is independently certified and aligned with European data protection requirements.

Security is not an add-on. It underpins how access is controlled, recorded and enforced across mechanical and electronic environments.

Certification and Standards

ISO/IEC 27001 Certified

portier is certified to ISO/IEC 27001.

Independent certification confirms that our information security management system meets internationally recognised standards for:

  • Risk management
  • Access control
  • Audit logging
  • Incident response
  • Continuous improvement

Certification covers our organisational controls, development practices, infrastructure security and operational procedures.

GDPR / DSGVO Compliant

portier complies with the General Data Protection Regulation.

Our approach includes:

  • Data minimisation and purpose limitation
  • Strong role-based access controls
  • Encryption in transit and at rest
  • Defined data retention policies
  • Support for data subject rights
  • EU-based hosting options

We provide a Data Processing Agreement for customers who require one.

DORA and NIS2 Alignment

portier supports customers operating under European regulatory frameworks including DORA and NIS2.

Our platform and practices support:

  • ICT risk management
  • Third-party oversight
  • Auditability of access changes
  • Clear responsibility assignment

We provide documentation to assist regulated customers in their compliance assessments.

Hosted on Microsoft Azure

portierX is hosted on Microsoft Azure.

  • Data residency in the European Union and Australia
  • Enterprise-grade physical and infrastructure security
  • ISO 27001-aligned hosting environment
  • High availability and redundancy by design

Azure provides the physical and infrastructure foundation. portier applies application-level security and access control on top.

Data Residency and Deployment Options

portier Vision 5

(On-premise)

Customer data is stored on your own infrastructure. You retain full control.

portierX

(Cloud)

Customer data is stored in the European Union or Australia, depending on region and configuration.

This allows organisations to align deployment with internal policy and regulatory requirements.

Operational Security in Practice

Security is not limited to infrastructure. It is embedded in how access is managed.

Within portier:
  • Every access change is logged
  • Approval history is recorded and preserved
  • Access can be removed automatically when required
  • Changes are traceable to a responsible individual
  • Records cannot be altered without leaving evidence

This Applies to

Mechanical Keys
Electronic access systems
Joiner, mover and leaver workflows
Security is expressed through controlled issuing, enforced rules and complete records.

This is how organisations maintain long-term correctness in complex environments.

Security Documentation

Detailed documentation is available through our Trust Center.

Security Documentation:
  • View full control catalogue
  • View subprocessors
  • Download Data Processing Agreement
  • Review security policies
  • Contact the security team

Visit

trust.portierglobal.com

Contact

security@portierglobal.com

The Trust Center provides detailed control mappings, policy documents and audit-related information for due diligence.