Security at
House of Control

At House of Control, security is at the core of everything we do. Our services are delivered as Software as a Service (SaaS), built on a trusted platform where security is embedded throughout the entire software development and delivery life cycle.

As part of Visma, our main product Complete Control is included in the ISO 27001 certified “Visma Cloud Delivery Model (VCDM) and undergoes controls in annual ISAE 3402 type II audits.

We follow rigorous operational practices including penetration testing, vulnerability assessments, and strong access controls to ensure that our systems remain resilient and reliable. Serving customers in highly regulated industries, we recognize that robust security is not optional - it is essential. All measures implemented in our SaaS solution are available to every customer, regardless of industry or size.

Information Security Management System (ISMS)

We manage privacy and security through a structured Information Security Management System (ISMS) designed to safeguard confidentiality, integrity, and availability.

• GDPR compliance: When processing personal data on behalf of customers, House of Control acts as a data processor in accordance with the General Data Protection Regulation (GDPR).
  
  
• ISO 27001 certification: The Complete Control application is ISO 27001 certified, reflecting our commitment to internationally recognized standards for information security management.
  
  
• ISAE 3402 Type II attestation: We have obtained this assurance report, which verifies the effectiveness of our internal controls over time. Reports covering our ISMS and Data Processing Agreement (DPA) are available to customers and their auditors.
  
  
• Framework: Our ISMS is based on the principles and requirements of ISO 27001.
  
  
• Continuous improvement: We conduct an annual audit program to maintain and improve the effectiveness of our ISMS, ensuring continued alignment with industry standards and best practices.
  
  

Operations and Security Processes

Our operational security follows ITIL practices and incorporates controls from the ISO 27000 framework. The most critical processes include:

• Business Continuity Management
  
  
• Access Control Management
  
  
• Change Management
  
  
• Incident Management
  
  

We also follow a DevSecOps approach in the development and maintenance of our SaaS products, ensuring that security is integrated from design to deployment.

Infrastructure & Data Hosting

All House of Control services are delivered via SaaS and hosted on Amazon Web Services (AWS).

• Data is stored in secure AWS facilities, with primary storage in Sweden.

• We also provide a UK sovereign AWS tenant for our customers in the United Kingdom.

• This setup ensures both resilience and compliance with European data protection requirements.

• All data is encrypted both at rest and in transit.

Compliance & data protection

Compliance is central to our security approach.

• ISO 27001 certification underlines our information security management.
  
  
• ISAE 3402 Type II reporting demonstrates the strength of our internal controls.
  
  
• All personal data is processed in accordance with the European Data Protection Act (GDPR).
  
  
• Customers are offered a Data Processing Agreement (DPA) aligned with GDPR requirements.
  
  

These measures provide our customers and partners with confidence in the security and compliance of our services.

Contact / Report a security issue

We are committed to transparency and collaboration in security. If you have identified a potential vulnerability, security concern, or need additional information about our certifications and processes, please contact us at:

Tech support

House of Control
support@houseofcontrol.com

Visma Global SOC
security@visma.com