Q: Is there any technical documentation available regarding compliance?
A: Yes. Microsoft provides compliance documentation and audit reports through the Azure Trust Center and Service Trust Portal. System-specific compliance documentation (GDPR measures, security configuration, and policies) can be shared under NDA.
Related Articles
API documentation
Goal: Open the API documentation for the system. Procedure: Step 1: Open the API documentation. Open your web browser and go to http://api.omikai.com. Bookmark the page so you can find the API documentation quickly in the future. If the page does not ...
Q: Is there a documented Disaster Recovery Plan?
A: Yes. A documented and tested Disaster Recovery Plan (DRP) exists, aligned with Azure Site Recovery (ASR) best practices. The DRP defines escalation paths, responsibilities, and technical procedures for service restoration.
Q: What controls are in place to prevent unauthorised access?
A: Controls include conditional access (IP whitelisting, device compliance policies), Just-In-Time (JIT) access for virtual machines, continuous threat detection with Microsoft Defender for Cloud, and regular access reviews.
Q: Are mechanisms such as multi-factor authentication (MFA), VPN, or certificates used?
A: Yes. Remote access uses Azure Active Directory (AAD) with modern authentication protocols (OAuth 2.0 / OpenID Connect). All logins require a username and password, and Multi-Factor Authentication (MFA) can be enforced. Certificates and conditional ...
Q: Does the system comply with regulations such as GDPR or other applicable standards in Spain and the EU?
A: Yes. Azure services are GDPR-compliant, and all customer data is hosted within the EU. Data protection impact assessments (DPIAs) are conducted where required. The system also follows ISO 27001, SOC 1/2/3, and other Azure compliance frameworks.