Security & privacy architecture

Overview of our measures to keep your data safe

ISO 27001:2022

Orion Intelligence has been certified for ISO 27001: Information Security Management since 2021. This certification confirms that we have implemented adequate processes and infrastructure for secure data handling.

ISO 27701:2019

Orion Intelligence has also held certification for ISO 27701: Privacy Information Management since 2021. This certification ensures our compliance with various privacy regulations globally.

EN 50518

For alarm monitoring centers: use of the Orion Intelligence platform is compliant with European Norm 50518 (amendment A1:2023).

Security penetration testing

Regular security penetration tests are conducted on our platform and infrastructure by an external party. Our latest reports have awarded us the highest possible mark for security.

Data deletion policies

What you don't have can't be stolen. Our platform enforces strict deletion policies to remove Personally Identifiable Information (PII) as soon as it is no longer needed, minimizing the risk of data breaches.

Privacy compliance

Orion Intelligence is explicitly compliant with the EU's and UK's GDPR, United States' Federal data legislation, Canada's PIPEDA, Swiss Federal Act on Data Protection, and the Australian Privacy and Data Protection Act.

Global data segregation strategy

Our infrastructure is globally segregated to ensure data remains within legal boundaries. For instance, EU data is hosted within the EU, US data within the US, and Canadian data within Canada.

Data processing agreements (DPA)

With each contract, a data processing agreement is concluded. Orion Intelligence has a standard DPA but is also willing to collaborate with customers' legal and privacy teams to accommodate their specific DPA requirements.

CiTiP

Orion Intelligence has a close link with CiTiP, the Centre for IT & IP Law at the University of Leuven (KUL). CiTiP researchers are renowned for their contributions to drafting the EU's GDPR as well as the EU's AI Act.

Multi-Factor Authentication (MFA)

Orion Intelligence employs Multi-Factor Authentication (MFA) to enhance security. By requiring multiple forms of verification, we ensure that only authorized users can access sensitive data and systems.

Least Access Privilege

We implement a least access privilege model, granting users the minimum access necessary to perform their tasks. This approach minimizes potential security risks by restricting unnecessary access to sensitive information.

Privacy by design

Orion Intelligence works together with the DistriNet research unit of the University of Leuven (KUL) on a privacy-by-design methodology.

Encryption at rest & in transit

All data transferred into and out of our platform is encrypted, as is data stored on our systems, adhering to the latest industry standards.

The EU AI Act

Orion Intelligence's solutions are in the Limited Risk category of the EU's regulatory framework.

Under the EU AI Act, Orion Intelligence, positioned at the "Limited risk" level, must adhere to specific transparency obligations. These requirements ensure that AI systems, including voicebots, are used in a manner that is open and understandable to users. For Orion Intelligence, transparency means clearly communicating the nature and purpose of its AI systems and ensuring that users are aware when they are interacting with AI rather than a human. This obligation helps build trust and accountability, aligning with the EU's goal of making AI safe, transparent, and traceable.

How Orion Intelligence Addresses Transparency Requirements

  • Disclosure of AI Interaction: Users are explicitly informed when they are interacting with an AI system, ensuring they are aware they are not communicating with a human.
  • Purpose Explanation: The specific purpose of the AI system is clearly explained to users, allowing them to understand the intent and limitations of the voicebot services.
  • Data Use Transparency: Information on how user data is collected, stored, and processed is provided, ensuring compliance with data privacy regulations and building user trust.
  • Reporting and Accountability: Mechanisms are in place for users to report issues or concerns about the AI system's operation, ensuring accountability and continuous improvement.