REGULATORY MAP
The standards Haltless maps to
One overview for procurement. Every standard the platform interacts with, summarised, with a pointer to where the operational detail lives.
01 · SECURITY AND DATA PROTECTION
Information-security posture
Three security-side standards Haltless aligns to. The Trust & Security Center page covers the operational controls in detail; the entries below summarise our posture against each.
SOC 2 Type II
Not yet certified. The platform operates against the Trust Services Criteria for security, availability, and confidentiality, with documented logging, alerting, and incident-response procedures that are reviewed continuously and exercised through tabletop drills.
Trust & Security Center
ISO/IEC 27001
Not yet certified. The information security management system follows the controls defined in the standard, with documented risk assessments, access reviews, vendor due diligence, and change management.
Trust & Security Center
GDPR and UK GDPR
Haltless Kft. is a GDPR-aligned processor. A signed Data Processing Addendum, EU data residency by default, and incorporated SCCs Module 2 together with the UK IDTA and the China Standard Contract are available out of the box.
Privacy Policy
02 · MANUFACTURING AND QUALITY
Sector standards the platform supports
Five standards that come up across regulated manufacturing. For each one, what Haltless provides out of the box and what remains the customer's responsibility.
ISO 9001 · Quality management
Work orders carry status, priority, assigned operator, due date, and a digitally signed completion record. Every signoff is hashed with SHA-256 over the canonical payload and chained into the audit log with HMAC-SHA256. The quality manual and the audit programme remain the customer's responsibility.
FDA 21 CFR Part 11 · Electronic signatures
Digital signoffs on work orders are computed as SHA-256 hashes over a canonical payload that captures the actor, action, target resource, and timestamp. Combined with the tamper-evident audit chain and per-tenant Row-Level Security, the signatures meet the computer-system-validation-ready bar that Part 11 expects. System validation remains the customer's responsibility.
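An added illustration of the mechanism the ISO 9001 and Part 11 entries describe: SHA-256 over a canonical payload, with entries linked by HMAC-SHA256 so that a later edit is detectable. This is not Haltless code; the JSON canonical form, the field names, the key, and the link construction are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed value of the link before the first entry

def canonical(payload: dict) -> bytes:
    # Assumed canonical form: sorted keys, no optional whitespace, UTF-8.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def payload_hash(payload: dict) -> bytes:
    return hashlib.sha256(canonical(payload)).digest()

def chain_link(key: bytes, prev_link: bytes, digest: bytes) -> bytes:
    # Assumed construction: HMAC-SHA256(key, previous link || payload hash).
    return hmac.new(key, prev_link + digest, hashlib.sha256).digest()

def append(chain: list, key: bytes, payload: dict) -> None:
    prev = bytes.fromhex(chain[-1]["link"]) if chain else GENESIS
    digest = payload_hash(payload)
    chain.append({"payload": payload, "hash": digest.hex(),
                  "link": chain_link(key, prev, digest).hex()})

def verify(chain: list, key: bytes):
    """Return the index of the first entry that fails, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        digest = payload_hash(entry["payload"])
        link = chain_link(key, prev, digest)
        if not (hmac.compare_digest(digest.hex(), str(entry["hash"]))
                and hmac.compare_digest(link.hex(), str(entry["link"]))):
            return i
        prev = link
    return None

def build_sample(key: bytes) -> list:
    # Constructed sample signoffs; not real records.
    chain = []
    for n, actor in enumerate(["op-17", "op-04", "qa-02"], start=1):
        append(chain, key, {"actor": actor, "action": "complete",
                            "target": f"work-order/{n}",
                            "timestamp": f"2025-01-0{n}T08:00:00Z"})
    return chain

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder key for the demo only
    log = build_sample(key)
    print("intact:", verify(log, key))
    log[1]["payload"]["actor"] = "op-99"  # edit a stored record after the fact
    print("first bad entry:", verify(log, key))
```

A chain of this shape detects edits, insertions, and deletions in the middle of the log, but not removal of the most recent entries; detecting that requires recording the latest link somewhere outside the log.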
IATF 16949 · Automotive quality
Tier-1 automotive suppliers can attach Haltless work orders, parts-consumption records, and signed completion records to their PPAP and warranty-traceability packages. The seven-year audit-chain retention covers the warranty-traceability window most OEMs require.
HACCP and FSSC 22000 · Food safety
CIP completion records, sanitation cycles, and shift handovers are signed and held in the audit chain. The food-safety auditor receives a chronological record with reproducible signatures rather than a binder of paper checklists. The plant-specific HACCP plan and its validation remain the customer's responsibility.
GMP · Good Manufacturing Practice
Maintenance work orders, parts-from-inventory consumption, calibration events, and digitally signed completion records combine to give the QA function a GMP-ready operational trail. Process validation, equipment qualification, and the quality manual remain the customer's responsibility.
03 · AI AND EMERGING REGULATION
EU AI Act and adjacent regimes
We do not use neural networks. The prediction engine is three deterministic detectors. The implications for the emerging AI regulation are direct.
EU AI Act · Regulation (EU) 2024/1689
Our predictive-maintenance scoring is deterministic and explainable, not a foundation model and not a black-box neural network. The scoring formula is disclosed on request. The scoring is designed to evaluate machines, not natural persons, so Annex III (employment) does not apply. Under the August 2026 transparency obligations, we will disclose any model-based output that affects a natural person; today, none does.
What we will not claim
We do not currently hold formal third-party certification to any of the standards above. We map our controls and platform capabilities to their requirements, but we will not display certification badges or claim certified status until an external auditor has signed off.
Send us your questionnaire
For audit questionnaires, supplier security reviews, or specific compliance-evidence requests, write to privacy@haltless.io.