Security
Our products are designed to protect sensitive information, operate reliably under real‑world conditions, and meet the compliance requirements of regulated environments.
Committed to trust, security and compliance
Security, quality, and governance are embedded into our product development, operational processes, and customer deployments. This applies from initial design through ongoing operations and constant improvement.
Our approach to continuous security
We maintain robust operational controls to protect the availability, integrity, and confidentiality of our systems and services:
- Ongoing monitoring and alerting across production systems and infrastructure
- Documented incident response processes with clearly defined roles and escalation paths
- Business continuity and disaster recovery planning developed and aligned with risk assessments
- Backups and recovery processes
- Audit logs of system activity
These measures ensure that security incidents and service disruptions are detected quickly and managed effectively.
We perform ongoing security testing and independent assurance activities to continually strengthen our systems:
- Third‑party penetration testing conducted as part of our evolving security programme
- Automated vulnerability scanning in place, with remediation processes being expanded and formalised
- Internal audits conducted in line with ISO 9001 and 27001 requirements
- Management reviews and corrective actions to support ongoing improvement
Davidhorn assesses suppliers and service providers against defined security and compliance requirements.
Where applicable, contractual and operational controls are used to ensure third parties meet relevant legal, regulatory, and security obligations. Supplier risk assessments are integrated into our governance processes and reviewed periodically as part of our compliance programme.
Davidhorn follows a risk‑based approach to security, with regular assessments used to identify, prioritise, and mitigate risks to systems, data, and operations.
Our risk‑based assessments are supported by structured threat‑modelling, which helps us systematically identify potential threats, assess likelihood and impact, and prioritise mitigations.
Security controls are selected and maintained based on risk, legal requirements, and operational impact.
Davidhorn maintains documented incident response, escalation, and continuity procedures, which are reviewed and tested regularly.
Where required, incident notification obligations are governed by contractual agreements and applicable law.
Certifications
Certified to leading security standards
We maintain multiple internationally recognized certifications that demonstrate our ongoing dedication to security, compliance, and operational excellence.
External audits conducted by Kiwa AS – with multi-site certificates renewed yearly.
Data protection & privacy
We are committed to protecting sensitive data in accordance with applicable data protection laws and customer requirements, including, but not limited to
- Data minimisation and purpose limitation
- Encryption of data in transit and at rest
- Defined data retention and secure deletion policies
- Vendor and subprocessors assessed for security and compliance
We provide compliance documentation to all customers upon
Artificial Intelligence
Responsible AI in support of Justice
Davidhorn develops and deploys AI‑assisted capabilities for sensitive, high‑risk law‑enforcement environments, guided by a human rights‑centered approach and clear requirements for human oversight. AI‑generated outputs are always identified as drafts, and users are informed whenever AI assistance is involved.
Our products support investigative teams while upholding human dignity, protecting vulnerable individuals, and strengthening access to justice. AI assistance helps structure and surface information; it does not produce authoritative or final outcomes. Users remain responsible for reviewing, validating, and approving all AI‑assisted content to ensure accuracy, context, and accountability in investigative and legal processes.
Our principles
Human review & approval
AI‑generated content is labeled as draft and requires review by a professional before use.
No training on user data
Data remains under customer control and is not used for model training or improvement.
Sovereign deployment
Fully on‑premises or EU‑based cloud deployments
Strategic partnerships
Partners
Norwegian Center for Human Rights
The Norwegian Centre for Human Rights (NCHR), part of the University of Oslo, works to advance ethical, non-coercive investigative interviewing practices.
International Investigative Interviewing Research Group (iIIRG)
The iIIRG is a worldwide network of interviewing professionals working with national and international bodies to improve investigative interviewing.
Contact Us
If you have any security-related questions, concerns, or would like to report an incident, please contact us at
ISM@davidhorn.com
Detailed security obligations are defined in customer agreements and applicable policies.