Vermont Solutions

Compliance

Trust Center

Vermont Solutions security, privacy, compliance and certifications hub. ISO 27001/9001/45001, DORA-ready, GDPR/CCPA aligned. For client evaluations.

Last updated:

Certifications

Standard | Scope | Since | Certificate
ISO/IEC 27001:2022 | Information Security Management | 2021 | Available under NDA
ISO 9001:2015 | Quality Management | | Available under NDA
ISO/IEC 42001:2023 | AI Management System | In progress | Pending audit
ISO 45001:2018 | Occupational Health & Safety | | Available under NDA
ISO 14001:2015 | Environmental Management | 2024 | ES57154B
Carbon Footprint (MITECO) | Spain's MITECO carbon footprint registry — CALCULATE seal, scopes 1+2 (2024) | 2024 | 2025-a1515

Certificates available upon request under NDA. Email

Carbon footprint registered in Spain's public MITECO carbon footprint registry (code 2025-a1515).

Regulatory alignment

  • DORA Art. 28

    EU 2022/2554 — ICT third-party providers (critical infrastructure)

  • NIS2

    EU Directive 2022/2555 — Network and Information Security

  • AI Act

    EU 2024/1689 — Aligned via ISO 42001 management system

  • GDPR

    EU 2016/679 — Full compliance, DPO appointed

  • CCPA / CPRA

    California — Privacy notice + Do Not Sell mechanism

  • UK GDPR / DPA 2018

    Post-Brexit data protection — supplemental notice

  • PIPEDA

    Canada — Federal privacy law alignment

Responsible AI use at Vermont

We apply to our own operations the same AI governance we implement for clients. This statement covers how Vermont Solutions uses AI internally.

  • Human oversight

    Every output from internally used AI systems is reviewed by people before it is used or published. No decision affecting a person's rights is taken solely by an AI system.

  • ISO 42001 governance

    Internal AI use is framed within our AI management system (ISO/IEC 42001, certification in progress), with an inventory and risk assessment of the systems used.

  • Transparency (EU AI Act, Art. 50)

    We identify AI-generated or AI-assisted content where applicable.

  • Data protection

    We do not use personal or client data to train third-party models without express authorisation.

  • Tooling

    We use AI assistants for software development and content drafting, always with human review before delivery or publication.

Equality, diversity & inclusion

  • Equality Plan

    Registered with the Madrid Regional Labour Authority (file 28/19/0571/2024) under LO 3/2007 + RD 901/2020

  • LGTBI Plan 2024–2026

    Equal opportunity and non-discrimination plan for LGTBI people (Law 4/2023 + RD 1026/2024)

  • Diversity Plan

    Corporate diversity and inclusion plan

  • Human Rights Policy

    Corporate human rights policy

  • Disability Inclusion Programme

    Workplace inclusion programme for people with disabilities

Full documents available on request / under NDA. Email

Legal documents

Data protection (RFP)

Compliance contacts

DPO
CISO / Security
Compliance
Whistleblowing
Submit a report →

ESG & Sustainability

ESG strategy aligned with CSRD (EU 2022/2464) for European banking RFPs. Detailed ESG dashboard coming Q3 2026 (see /sobre-nosotros/esg/).