Information Security

OpenCard maintains an information security framework aligned with ISO/IEC 27001 principles, designed to protect transaction data and integrations across the platform.

OpenCard’s security approach, governance, and core control areas are outlined below.

At a high level, OpenCard’s security approach includes:

governance and risk management integrated into operational and development processes
secure cloud infrastructure operated in the EU
encryption of data in transit and at rest
role-based access control, strong authentication, and least-privilege principles
centralized logging, monitoring, and detection capabilities
structured vulnerability, threat, and incident management
secure development practices, including controlled change and security checks in build and deployment workflows
documented business continuity and recovery capabilities
supplier and sub-processor oversight aligned with service and data protection requirements
continuous improvement through review, assessment, and follow-up of security controls

OpenCard is operated by Open API Int. AB and is maintained within an information security management framework aligned with ISO/IEC 27001 principles. No certification claims are made for the OpenCard service itself.

For partners and customer stakeholders who need OpenCard’s standardized assurance material for onboarding, security review, privacy review, or contractual assessment, OpenCard Partner Assurance provides additional high-level information such as:

platform scope
high-level architecture
high-level data flows and integration model
hosting and data location information
public sub-processor information at opencard.io/sub-processors
access control, logging, and monitoring
secure development and vulnerability management
incident management and notifications
continuity and recovery model
privacy, DPA, and TPA structure

Access to OpenCard Partner Assurance is provided through a protected route. To request access, please contact [email protected].