Global Compliance & Trust

Master Global Compliance & Data Matrix

Component

Location

Compliance standard

Access Level

Infrastructure

AWS Hosting

Client- Selected
Region

ISO 27001,
SOC 2

Encrypted: Zero
Access

Analytics

Axiom (Patented)

Local AWS
Instance

Privacy-by-Design

Metadata Only: No
content access.

Transcription

AI Services

Local AWS
Instance

MiFID II / FCA

Full Content: (Opt-in
only).

Legal

Global DPA

Jurisdiction-
Neutral

GDPR, SCCs,
CCPA

Standardized:
Includes UK
Addendum.

Legal

Stripe

Global

PCI-DSS Level 1

Admin Only: No call data access.

Master Trust & Security Statement

Citycom Solutions provides the infrastructure for regulated communications. We
operate under a Privacy-by-Design mandate, ensuring that security is a core pillar
of our SaaS architecture.

ISO 27001:2022 Certified:

Our Information Security Management System
(ISMS) is audited annually.

The Axiom Standard:

Our patented technology analyzes audio stream
properties (latency, jitter, and signal patterns) to provide quality scores
without accessing or "listening" to voice content.

Operational Resilience:

Built on a multi-availability zone AWS architecture
with immutable audit trails.

Global Data Processing Agreement (DPA)

Data Minimization:

Citycom utilizes Axiom technology to ensure that audio content is not accessed during standard quality monitoring.

Sub-processors:

Citycom utilizes Tier-1 providers. Clients are notified 30
days in advance of any sub-processor changes.

Security:

We implement FIPS 140-2 compliant encryption (AES-256 at rest, TLS 1.3 in transit).

Audit Rights:

Citycom allows for "Paper Audits" and provides summary ISO 27001 audit reports upon request.

Jurisdictional Annexes

UK & EU (GDPR):

(GDPR): Incorporates EU Standard Contractual Clauses (2021/914) Module Two and the UK International Data Transfer Addendum.

USA (CCPA/CPRA):

Citycom acts as a "Service Provider" We do not "sell" or "share" client personal information.

Modern Slavery & Ethics Statement

Citycom Solutions maintains a zero-tolerance policy regarding modern slavery. We conduct regular due diligence on our technology supply chain to ensure compliance with the UK Modern Slavery Act 2015 and global human rights standards.

Privacy & Cookie Policy

Data Controller: Citycom is the controller for marketing and billing data.
Data Processor: Citycom is the processor for all communication data hosted on the Axiom platform.
Cookies: We use strictly necessary cookies for security and analytical cookies (only with consent) for site optimization.

Ready to transform communications into competitive advantage?

Schedule your FREE, 30-minute consultation with our experts today.

Schedule Your Discovery Session Now

Global Compliance & Trust

Master Global Compliance & Data Matrix

Category

Component

Location

Compliance standard

Access Level

Infrastructure

AWS Hosting

Client- Selected Region

ISO 27001, SOC 2

Encrypted: Zero Access

Analytics

Axiom (Patented)

Local AWS Instance

Privacy-by-Design

Metadata Only: No content access.

Transcription

AI Services

Local AWS Instance

MiFID II / FCA

Full Content: (Opt-in only).

Legal

Global DPA

Jurisdiction- Neutral

GDPR, SCCs, CCPA

Standardized: Includes UK Addendum.

Legal

Stripe

Global

PCI-DSS Level 1

Admin Only: No call data access.

Master Trust & Security Statement

ISO 27001:2022 Certified:

The Axiom Standard:

Operational Resilience:

Global Data Processing Agreement (DPA)

Sub-processors:

Security:

Audit Rights:

Jurisdictional Annexes

Modern Slavery & Ethics Statement

Privacy & Cookie Policy

Ready to transform communications into competitive advantage?

Schedule your FREE, 30-minute consultation with our experts today.

Client- Selected
Region

ISO 27001,
SOC 2

Encrypted: Zero
Access

Local AWS
Instance

Metadata Only: No
content access.

Local AWS
Instance

Full Content: (Opt-in
only).

Jurisdiction-
Neutral

GDPR, SCCs,
CCPA

Standardized:
Includes UK
Addendum.