#open for more workLearn more

Certifications

We have it in writing.

Certifications aren't marketing, they're documentation. Here's what we meet, when we achieved it, and where you can see it.

Security statusLive

EU hosting

Denmark

Encryption

AES-256 · TLS 1.3

Audit trail

HMAC-signed

2FA

Mandatory

Vantacontinuous monitoring100%

Standards

What we meet.

We clearly mark the status of each standard. Certificates are available via the Trust Center.

ISO/IEC 27001:2022

Certified

The international standard for managing information security.

What it covers

  • Access control
  • Cryptography
  • Physical security
  • Supplier management
  • Incident management
  • Business continuity

How we do it

Managed via Vanta with daily automated monitoring and an annual external audit.

Certificate available via the Trust Center.

ISO/IEC 42001

Certified

The world's first international standard for AI Management Systems, published in 2023.

What it covers

  • AI risk assessment
  • Model governance
  • Data quality for AI
  • Transparency
  • Accountability

How we do it

Vanta-managed with a specific AI policy and Anthropic ZDR for Claude.

Where other legal-tech players have AI, we have a certified AI Management System.

GDPR

Compliant

The EU's data protection regulation. Full compliance, built in from the ground up.

What it covers

  • Data storage
  • Consent
  • Retention
  • Atomic deletion
  • Client requests

How we do it

EU data stays in the EU, no transfer to third countries. GDPR requests are generated in under 30 seconds.

Standard DPA available in the Trust Center.

SOC 2 Type II

Certified

An AICPA audit framework. Type II assesses operational effectiveness over an audited operating period.

What it covers

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

How we do it

Audited over an operating period and managed via Vanta with continuous monitoring.

Report available via the Trust Center.

The Danish Bar and Law Society

Compliant

The quality framework and guidelines for electronic case handling.

What it covers

  • Quality framework
  • AML rules
  • Client account rules
  • Conflict checks
  • Ethical walls

How we do it

Functionality built specifically for Danish lawyers. The audit trail is ready for quality inspections.

Functional specification available on request.

Industry standards

We also follow

Beyond the certifications, we work to the recognised security frameworks.

OWASP Top 10

The ten most critical web security risks, addressed in code and review.

CIS Controls

Prioritised controls for information security.

NIST Cybersecurity Framework

A framework to identify, protect, detect and respond.

Roadmap

The next milestones.

  1. 2026

    Penetration testing programme

    Annual tests by external security specialists.

  2. 2027

    SOC 2 Type II

    Operational audit across a 6 to 12 month period.

  3. 2027+

    ISO 27017 + 27018

    Cloud security and protection of PII in the cloud.

Need it for a tender?

Talk to our tech team.

Need the certificates for a tender or vendor review? Request them via the Trust Center, or write to the team directly.

contact@levano.io

Victor Brøgger · CTO, Levano