POLICIES & COMPLIANCE

Regulatory requirements built into the platform

Fluenta One is certified to ISO 27001 and ISO 9001, with controls aligned to GDPR, NIS2, DORA, CSDDD and more — built in and applied automatically to every process.

365 days: log retention
35 days: backup recovery window
EU: exclusive data residency
In regulated industries — financial services, pharma, insurance, energy and telecommunications — software must demonstrably meet security and data-protection requirements. The Fluenta One platform is certified to ISO 27001 and ISO 9001, verified by an independent external audit. Beyond that, its controls are aligned with the requirements of further frameworks — ISO 27017, ISO 27018, ISO 42001, GDPR, NIS2, DORA and CSDDD — so the necessary documentation is generated automatically, giving your organisation a solid foundation for its own compliance.
Regulatory frameworks

Security and quality — certified

Fluenta One is certified to ISO 27001 and ISO 9001, and compliant with leading cloud and AI security frameworks.
ISO 27001 Certified
Information security management system — certified by an independent external audit. Audit documentation is generated automatically.
ISO 9001 Certified
Quality management system — certified by an independent external audit. Governed, traceable processes.
ISO 27017 Compliant
Cloud-specific security controls: multi-tenant isolation, role management, access logging.
ISO 27018 Compliant
Processing of personal data in the cloud is governed and documented.
ISO 42001 Compliant
AI features operate within auditable, governed boundaries. Every AI decision is traceable.
Built to support your compliance
The platform's controls are aligned with the requirements below — so when you pursue your own compliance or certification, the foundation is already in place.
GDPR Data protection

Data is stored exclusively in the EU. Data-subject rights — access, rectification, erasure, portability — are fully supported. ROPA and DPIA documentation is available automatically.

DORA Financial sector

Geo-redundant backups and business-continuity guarantees for financial-sector clients — with a 35-day restore window.

NIS2 Cyber resilience

Supply-chain security requirements and incident-handling protocols are met at platform level. Supplier relationships are traceable and documented.

CSDDD Supply chain

Continuous, documented due diligence across the supply chain: supplier risk assessment, monitoring and auditable remediation records — ready for the 2029 obligation.

How it works in practice

Compliance isn't a separate project — it's a built-in state

New process — automatic compliance

When a new process is created — RFx, contracting or approval — it automatically inherits all security controls. In an audit the documentation can be produced instantly; it is generated continuously.

Cross-framework mapping

A single control set satisfies multiple regulatory requirements at once. ISO 27001 controls map automatically to SOC 2 and GDPR requirements — no parallel work, no duplicated documentation.

Field-level data protection by default

Sensitive data is protected by the platform automatically — no per-process configuration needed. This is a platform-level guarantee, applied uniformly.

Continuous, not a one-off state

Compliance isn't done once a certificate is obtained. The controls apply to every new process, every day — and the documentation updates along with them.

Audit & traceability

Every decision is traceable

Automatic audit evidence

No one needs to gather audit documentation separately. Every approval, change and decision is recorded automatically and immutably — the evidence is available at the press of a button.

Versioned documents and decisions

Every version of business data — quotes, contracts, orders — is retained. You can trace what state a document was in at any time, and what data a decision was based on.

AI decisions are traceable too

When AI proposes input to a decision, its basis and outcome are recorded too. Human responsibility and control remain — AI assists, but the decision is always traceable.

Buyer-side audit log

The data and documents a supplier submits are recorded in full and immutably at the buyer organisation, including every version — so it stays clear what was submitted and when. On an eligible subscription, the supplier also receives a log of their own interactions.

EU data residency — contractually guaranteed

All data is stored exclusively in the European Union, encrypted both at rest and in transit. Data physically never leaves the EU; this is stipulated in the contract. Geo-redundant backups are maintained, with a 35-day restore window.

Upcoming regulation

Get ready for the CSDDD with us

From 2029 the Corporate Sustainability Due Diligence Directive (CSDDD) will require affected large enterprises to continuously identify, prevent and address human-rights and environmental risks — not only in their own operations but across the entire supply chain, including suppliers and subcontractors.

Non-compliance can be penalised by up to 5% of global net turnover. A yearly audit is not enough — the regulator can request documentation at any time.
Supplier risk assessment & segmentation
Automatic, with auditable decision outcomes.
Supplier data collection & document handling
Through a secure, traceable supplier portal.
Continuous monitoring
If a supplier's risk rating changes, the platform flags it automatically and triggers a review.
Documenting remedial actions
Every step and decision is traceable from detection to closure.
FAQ

Frequently Asked Questions about Policies & Compliance

See Fluenta One's policy & compliance management in action

Book a personalised demo where we'll show how you can optimise your procurement processes with Fluenta One — with regulatory compliance built in.

Let's talk — no strings attached