COMPLIANCE AND SECURITY 

Turbit is committed to maintaining the world's highest standards of data security, regulatory compliance, and operational integrity across all its products. As part of our mission to build the intelligent risk infrastructure for renewable energy, we ensure that our technology and processes exceed your expectations of global compliance and quality standards.

QUALITY AND CERTIFICATIONS

We implement strict quality management systems to ensure reliability and trust in our AI solutions for monitoring, data management, and insurance integration.

As a German company, we fulfill the highest security standards.

ISO 27001 Certification

Turbit is currently undergoing certification according to ISO/IEC 27001, expected to be completed in the first quarter of 2026.
Internal policies, controls, and audits are already in place to align with this standard.

Critical Infrastructure

Almost all Turbit customers are classified as operators of critical infrastructure.
Verification for these customers has been completed through detailed infrastructure and security plans.
Turbit does not have direct access to control systems of wind or solar parks, which limits security exposure and simplifies verification processes.

Documentation for Customers

Security overview and infrastructure plans are available on request.

Data Processing Agreements are available for signature.

Customer Data Protection and Encryption

Data Scope

  • Operational data such as SCADA, status codes, sensor signals, performance and maintenance information.

  • Customer data: only essential business contact details are stored.

Encryption

  • In transit: TLS for all interfaces.

  • At rest: encrypted storage on EU-hosted infrastructure.

Data Residency

  • All storage and processing are in the European Union.

Hosting and Storage

Provider and Location

Our servers are bare-metal machines located in EU data centers that meet ISO 27001. Only Turbit has access to them.

Geographic redundancy ensures the highest uptimes 24/7.

Architecture

Production services and databases run redundantly, with at least three services across distinct data centers. Private networking, segmentation, and firewalls protect all interfaces.

Regular offline and cold backups are stored off-site and are available even for worst-case scenarios.

Secure Development Practices

  • Structured SDLC with security reviews on changes.

  • Changes tracked via RFCs and Architectural Decision Records.

  • Weekly automated updates of services and operating systems.

  • Only packages vetted by the cybersecurity team are permitted.

  • Continuous monitoring of security advisories with rapid patching.

Access Controls

Account Lifecycle

  • Manual user creation, immediate revocation available.

  • Semi-automated periodic access reviews.

  • Planned controls: automatic deactivation of inactive accounts and enforced password rotation for critical services.

Authentication and Interfaces

  • Multi-factor authentication is supported.

  • API access via API keys, OAuth 2.0, or certificates.

  • Remote access via 2FA, SSH key authentication, OpenVPN, and OAuth.

Least Privilege

  • Role-Based Access Control for employees, customers, and suppliers.

Corporate Security

  • Connections to external facilities are provisioned through the Turbit support ticket system.

  • Only trained and authorized personnel may access these environments.

  • Passwords are exchanged via a secure one-time transfer system (Share a secret - One Time).

Threat and Vulnerability Management

Prevention and Detection

  • Network segmentation and firewalls in place.

  • WORM log storage and monitoring with fraud-detection analytics, SIEM, and IDS.

Patch and Vulnerability Process

  • Continuous monitoring of cybersecurity alerts.

  • Vulnerabilities triaged in the internal ticket system and remediated according to criticality.

Backup, Recovery, and Business Continuity

  • Hot backups at least weekly.

  • Quarterly offline cold backups, stored offsite.

  • Grandfather-Father-Son strategy; backups are currently retained indefinitely.

Testing

  • Automated restore tests monthly.

  • Manual restore exercises every six months.

Resilience

  • Georedundant infrastructure, automatic rollbacks, and controlled failure testing with “chaos monkey” simulations.

  • Documented strategy for full rebuild and restoration.

Logging and Auditability

  • Comprehensive audit logging being rolled out for ISO alignment.

  • Captures logins, system access, configuration changes, and admin actions.

  • WORM storage for tamper-resistance.

EU AI Act Compliance

Classification

  • Turbit’s AI is used for monitoring and predictive insights.

  • No autonomous control of safety-critical functions, therefore classified as Minimal or Limited Risk under the EU AI Act.

Measures

  • User transparency that AI analytics are applied.

  • Explainable outputs that enable human verification.

  • Human oversight for all operational decisions.

  • GDPR-aligned data governance on EU infrastructure.

  • Technical documentation and performance logging maintained.

  • ISO 27001 certification in progress, with future alignment to harmonized EU AI standards.

For security, compliance, or data protection inquiries:

CONTACT
