Compliance Overview
Laverion maintains a comprehensive compliance program built on internationally recognized frameworks. Our commitment to security, privacy, and ethical conduct is not just a requirement — it's foundational to how we earn and maintain client trust.
GDPR
Compliant
LOPD-GDD
Compliant
ISO 27001 — In Progress
Laverion is currently in the process of obtaining ISO 27001 certification for our Information Security Management System (ISMS). This internationally recognized standard ensures systematic, risk-based processes for managing sensitive information. We expect to complete certification in the near future.
Comprehensive risk assessment and treatment methodology in development
Documented security policies aligned with the standard's 114 controls
Preparing the audit process with an accredited certification body
Continuous improvement cycle driven by periodic internal reviews
SOC 2 Type II — In Progress
Laverion is in the process of obtaining SOC 2 Type II certification. Once completed, this audit will evaluate the operating effectiveness of our controls across five trust service criteria. In the meantime, we apply the principles of these criteria in our daily operations:
Security
Protection against unauthorized access
Availability
System operational and accessible
Processing Integrity
Complete and accurate processing
Confidentiality
Protection of sensitive data
Privacy
Personal data handled responsibly
More information
If you have questions about our certification roadmap, contact contact@laveriongroup.com and we will keep you informed about the process status.
GDPR Compliance
Laverion is fully compliant with the EU General Data Protection Regulation. Our GDPR program includes:
Data Protection Officer
Appointed DPO overseeing all data processing activities and compliance
Records of Processing
Maintained Article 30 records for all personal data processing activities
Data Protection Impact Assessments
Conducted for high-risk processing activities before deployment
Breach Notification
Documented process for 72-hour supervisory authority notification
Anti-Corruption & Ethics
We maintain strict anti-corruption policies compliant with the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act 2010.
Zero-tolerance policy for bribery, corruption, and facilitation payments
Annual ethics and anti-corruption training for all employees and partners
Mandatory Code of Business Conduct acknowledgment upon hiring and annually
Third-party due diligence for all agents, intermediaries, and joint ventures
Confidential whistleblower hotline with non-retaliation protections
Vendor & Third-Party Risk
We conduct thorough due diligence on all vendors and subcontractors before onboarding and on a continuous basis. Our vendor risk management program includes security questionnaires, contractual safeguards (including data processing agreements), periodic reassessments, and the right to audit. Vendors are tiered by risk level, with critical vendors subject to enhanced monitoring and annual reviews.
Business Continuity
Laverion maintains a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure service continuity:
| RTO | 4 hours for critical systems |
| RPO | 1 hour for critical data |
| Testing | Semi-annual tabletop exercises and annual full failover tests |
| Backup | Geo-redundant, encrypted, with daily integrity verification |
Reporting Concerns
We encourage all stakeholders — employees, clients, partners, and the public — to report compliance or ethical concerns. All reports are treated confidentially and investigated thoroughly.
Direct contact
+34 722 154 619
Anonymous reporting
Use our confidential reporting portal available 24/7 in multiple languages, with strict non-retaliation protections.