Security policy
Management commitment
GPU Solutions, as operator of the GPU Flow platform, is committed to information security and to its proper management throughout the entire service lifecycle, offering maximum guarantees to clients, users and interested parties.
Active certifications
- ISO/IEC 27001:2022 · Information Security Management System.
- ENS Medium Category · Spanish National Security Framework (RD 311/2022).
The certificates are available for direct download from the footer of the main site.
Security objectives
- Provide a resilience framework for critical situations.
- Ensure rapid service recovery in the event of disasters or disruptions.
- Prevent security incidents to the extent reasonably possible.
- Guarantee the confidentiality, integrity, availability, authenticity and traceability of information.
Security principles
Based on ISO/IEC 27001:2022 and RD 311/2022 (ENS), our principles include:
- Executive leadership of the Management System.
- Identification and analysis of context and interested parties.
- Legal and regulatory compliance.
- Protection of confidentiality and availability of information.
- Incident response and business continuity capability.
- Risk treatment over critical assets.
- Personnel training and awareness.
- Continuous improvement of processes.
Legal and regulatory framework
- Regulation (EU) 2016/679 (GDPR).
- Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights.
- Royal Decree 311/2022 (Spanish National Security Framework).
- Regulation (EU) 910/2014 (eIDAS).
- Law 34/2002 on Information Society Services (LSSI-CE).
- Legislative Royal Decree 1/1996 (Intellectual Property).
- Law 31/1995 on Occupational Risk Prevention.
Security roles and functions
| Role | Responsibilities |
|---|---|
| ISMS Owner | Planning, implementation, supervision and continuous improvement. |
| Information Owner | Decisions about the information processed. |
| Service Owner | Coordination of implementation and improvement. |
| Security Officer | Evaluation of technical and organisational measures. |
| System Owner | Operational coordination of the system. |
| Management | Resource provision and leadership. |
Information security committee
Body with ultimate responsibility for security management. Autonomous structure with executive authority, whose activity is not subordinate to any other element of the organisation.
Infrastructure and providers
All inference runs on NVIDIA HGX B200 nodes deployed on Spanish soil, with DDN EXAScaler parallel storage and an internal RDMA network. Cluster access is restricted to authorised personnel and traced via centralised logging.
The infrastructure is bare metal, with no shared tenancy. Data is never replicated outside the European Union.
Incident management
We maintain a documented procedure covering detection, containment, eradication, recovery and lessons learned. Incidents involving personal data are reported to the Spanish Data Protection Agency (AEPD) within 72 hours under art. 33 GDPR, and to affected individuals where applicable.
Security contact: [email protected] (subject "Security incident").
Revision history
| Version | Reason | Date |
|---|---|---|
| 1.0 | Document creation | 02/12/2025 |
| 1.1 | Addition of ISMS Owner | 19/02/2026 |
| 1.2 | Addition of redistribution period | 23/02/2026 |
Document redistributed annually and reissued upon material changes.