Designet til at bestå CISO-godkendelsen
Spekir Atlas er bygget så sikkerhedsgodkendelsen bliver det nemmeste i implementeringen, ikke det sværeste.
Clear data boundaries
Each workspace is schema-isolated in EU-hosted PostgreSQL. No cross-tenant queries, no shared connection pools. Your data never mingles with another customer's.
Verifiable controls
Every control is observable without asking us: TLS grades, audit logs, session lists, BYOK fingerprints. Eight specific tests a CISO can run in 30 minutes.
Customer-controlled AI
BYOK lets your workspace send AI requests through your own Anthropic tenant. Fail-closed by default: if your key is invalid, we do not silently fall back to our credentials.
Quick facts
| Data residency | EU (Frankfurt) — Neon PostgreSQL, Vercel fra1/cdg1 |
| Encryption at rest | AES-256 (Neon managed). BYOK on roadmap (Q3 2026) |
| Encryption in transit | TLS 1.3 enforced. HSTS enabled |
| Authentication | Email + password, Google OAuth. SSO/SAML planned Q4 2026 |
| SCIM provisioning | Planned Q4 2026 |
| BYOK (customer keys) | Anthropic provider supported now. Azure/Bedrock planned |
| Audit log retention | 12 months. Append-only, no delete from app code |
| Uptime target | 99.5% monthly. Status at status.spekir.com |
| Breach notification | 24h to affected workspace admins, 72h per GDPR Art. 33 |
| Workspace isolation | Separate schema per workspace, ORM-layer + RLS policies |
What you can verify yourself
- HTTPS everywhere — check TLS configuration via ssllabs.com/ssltest on spekir.com
- HSTS and security headers — verify with securityheaders.com
- EU data residency — request DPA and verify data processing location
- No cross-workspace data access — confirmed by penetration test report on request
- Audit log completeness — export your workspace audit log from Settings > Security
- User session list — view and revoke active sessions from your account settings
- BYOK key fingerprint — verify last 4 chars of SHA-256 match your key after adding
- Sub-processor changes — subscribe to RSS feed at /subprocessors/feed.xml
Documents
Security Architecture v1.0
Full technical architecture, data flows, controls, and incident response.
DPA Template
EU-compliant Data Processing Agreement template. Requires legal review before first signature.
Sub-processor List
Current list of all sub-processors with regions and functions.
Incident Response Policy
Severity classification, response timelines, breach notification procedure.
CAIQ-Lite Self-assessment
Cloud Security Alliance questionnaire responses.
PDFs are being finalized. Contact security@spekir.com to receive documents before public availability.
Certifications roadmap
We are pre-certification. We say this openly because honesty about our maturity level is more valuable than a roadmap badge.
SOC 2 Type I
Q3 2026
Controls documented. Readiness assessment underway with auditor.
SOC 2 Type II
Q1 2027
12-month observation period starts after Type I.
ISO 27001
Q3 2027
ISMS gap analysis planned after SOC 2 Type I milestone.