Compliance

Verified Compliance

An independent auditor has confirmed that we comply with GDPR and protect your data correctly.

Ongoing Security Audits

Our security measures are reviewed annually by an external auditor to ensure continuous compliance.

Trust & Transparency

Demonstrate to customers and partners that your data is handled securely and in compliance with regulations.

Lower Risk & Less Admin Work

Reduce the risk of GDPR violations and minimize the need for internal audits of your data processors.

Competitive Advantage

A certified provider shows customers that you take data security seriously and follow best practices.

Protect Your Reputation

Lack of certification can raise concerns about data security and weaken your market credibility.

See our certificates

We care about your data

 

At Raptor, we process large amounts of data – both for our users and their end customers. This is a great responsibility that requires the highest level of data security.  

For transparency, and to show that we fully comply with GDPR, we have chosen to have an external auditor review our efforts within the protection of customer data (also called an ISAE 3000 report). 

Why it matters

 

Why choose an ISAE 3000 compliant vendor?

ISAE 3000 compliance ensures that we as a vendor follow strict guidelines for managing and securing sensitive data. This certification means that an independent auditor has verified our processes, giving you peace of mind and reducing risks.

 

For you, this means: 
  • Stronger security and compliance – Ensures that we as your vendor follow best practices to protect sensitive data and meet legal regulations.

  • Competitive advantage – Show your customers and partners that you prioritize data security by choosing vendors that protect their data.

  • Reduced Risk and liability – Poor data protection comes with higher risks of data breaches, significant regulatory fines, and reputational damage.

What is ISAE 3000 Type I and Type II

 

An ISAE 3000 certificate is your guarantee that Raptor follows all processes related to GDPR and compliance correctly and responsibly.

As a Raptor customer, this implies that you can feel safe leaving data in our hands.

The ISAE 3000 certificate stands for compliance with current laws and regulations. Failing to live up to conditioned standards as part of this certificate is therefore also a compromise with the control of customers’ personal data. At Raptor, we strongly advocate for the highest level of control regarding personal data to ensure consumer trust and a sustainable environment for businesses to operate.

Raptor’ ISAE 3000 Type I and Type II certificates are available to read below (in both Danish and English):

Read our ISAE 3000 type I report (EN)
Read our ISAE 3000 type I report (DK)
Read our ISAE 3000 type II report (EN)
Read our ISAE 3000 type II report (DK)
Read our privacy policy
Read how we use cookies

Summary of the Audit of the Sub-Processor pursuant to the Raptor Data Processing Agreement section C.8

Date: 21.01.2026

Auditor: Dennis Benneballe Arnold-Grade

Sub-Processors

As Microsoft with their services Azure, Azure DevOps and M365, is the only sub-processor in use for processing personal data on behalf of the data controller, this audit summary pertains only to Microsoft (hereinafter referred to as “MS”).

Audited Compliance Documentation

MS has made available on their servicetrust-page (https://servicetrust.microsoft.com/) a number of compliance documents.

Raptor Services A/S (“Raptor”) as data processor has chosen to focus on the following types of compliance documents:

  • Documents from the ISO 27000-family of standards
    • ISO 27001, 27017, 27018, 27701 certificates, SoA’s and reports (for Azure)
    • ISO 27001 SoA for Azure DevOps
  • SOC-documents
    • SOC 1 type II, SOC 2 type II and SOC 3 reports as well as SOC bridge letter for Azure
    • SOC bridge letter for Azure DevOps
    • SOC 1, SOC 2 and SOC 3 reports as well as SOC bridge letter for M365

Method of audit

Raptor has reviewed the above-mentioned compliance documents and focused the attention on whether certificates are still valid and their scope still relevant and sufficient.

In terms of SOC-reports, Raptor has focused on the identified “Exceptions noted” as well as MS’ management responses to those exceptions.

Due to the complex nature and size of the services, there are a great number of exceptions noted, many of which are not directly related to Raptor’s use of the services. Therefore, the audit was focused on whether there are unbridged gaps in compliance or unmitigated issues.

Conclusions of the audit

None of the security certificates have given rise to any follow-up action by Raptor.

Raptor has identified areas in the SOC reports that are in need of monitoring and some areas that have not been fully mitigated since the last audit.

Some of those areas are:

  • Secure development life cycle
  • Change management
  • Backup management
  • Key and secret rotation
  • Vulnerability management
  • Physical security
  • Access management
  • Alerting

Raptor has decided to follow up on the identified exceptions by taking into account in the next audit, whether the same issues persist to be exceptions noted in the next SOC audit reports.

Closing remarks

Raptor remains invested in ensuring that security and compliance obligations laid down in the Raptor Data Processing Agreement will be reflected in obligations towards the sub-processors.

Due to the high level of security at MS, Raptor is confident that these obligations are fulfilled sufficiently.

Any Questions?

We are always happy to help, so feel free to contact us if you have any questions regarding our ISAE 3000 certification or compliance.

Kirsten er partner i Raptor Services

Call our Compliance Officer Kirsten on phone: +45 20 40 80 20 if you have any questions.