Compliance

The Frends integration platform is built with regulatory compliance as a foundational principle, ensuring organizations can meet their legal and industry-specific requirements while maintaining operational efficiency.

GDPR and Data Protection Regulations

Built with European regulations in mind, Frends provides comprehensive support for GDPR compliance. The platform offers data residency controls, including EU-only hosting options, ensuring that personal data remains within specified geographical boundaries as required by data protection laws. Organizations can process data entirely on-premises through the hybrid deployment model, maintaining complete control over where sensitive information is stored and processed.

The platform includes specific features for handling Personally Identifiable Information (PII), with configurable logging controls that prevent sensitive data from being inadvertently stored in system logs. This approach helps organizations meet the data minimization and purpose limitation principles central to GDPR and similar privacy regulations.

Industry Standards and Certifications

The platform has ISO 27001:2022 certification, the international standard for information security management systems. This certification validates that Frends maintains a systematic approach to managing sensitive information and ensuring its security through people, processes, and technology controls.

ISO 9001:2015 and 14001:2015 certifications demonstrate that Frends has implemented internationally recognized management systems to ensure consistent quality in its products and services, while also actively minimizing the environmental impact of its operations. These certifications reflect a strategic commitment to continuous improvement, regulatory compliance, and stakeholder satisfaction. By aligning its processes with ethical principles and sustainability goals, the company reinforces its dedication to responsible business practices that benefit customers, communities, and the planet.

EU AI Act Compliance

As the European Union's Artificial Intelligence Act comes into effect, Frends is positioned to help organizations meet these emerging regulatory requirements through its AI governance framework. The platform's approach to AI transparency and explainability directly addresses key AI Act provisions, particularly for high-risk AI systems that require human oversight and clear audit trails.

Frends' AI reasoning logs provide detailed documentation of every AI decision-making process, capturing the "thought process" behind each automated action. This level of transparency is essential for AI Act compliance, as it enables organizations to demonstrate that their AI systems operate within defined parameters and can be audited for bias, accuracy, and fairness. The platform's hybrid deployment model also supports data localization requirements, allowing organizations to keep AI processing within EU boundaries when required.

The semi-deterministic AI orchestration approach used in Frends ensures that AI operates within controlled workflows, with human oversight capabilities built into the process design. This architectural approach aligns with the AI Act's emphasis on human-centric AI systems and provides the governance framework necessary for deploying AI in regulated environments while maintaining compliance with European AI regulations.

Audits and Testing

To continuously validate our security posture, Frends undergoes regular and rigorous testing. We conduct regular internal vulnerability tests and engage a qualified third party operator for an annual platform-level penetration test. Any identified vulnerabilities are addressed based on their risk and severity.

These certifications operation models provide organizations with the confidence that Frends meets internationally recognized standards for security and operational excellence, facilitating compliance with their own regulatory obligations and enabling them to demonstrate due diligence in vendor selection and management.