Security & Compliance

Your Data. Your Firewall.
Your Control.

Ottovis runs on your infrastructure, behind your firewall. No cloud dependency. No data egress. Full sovereignty for security-conscious manufacturers.

Your data never leaves your facility

End-to-end encryption by default

GDPR compliant & IEC 62443 aligned

Full audit trails & access control

Built for OT Environments, Not IT Cloud Apps

Industrial facilities need air-gapped security, not consumer cloud services. Ottovis was designed from the ground up for operational technology environments where data sovereignty isn't optional—it's mandatory.

Deployment Models

Deploy Your Way

Choose the deployment model that matches your security posture and operational needs.

Recommended

On-Premises

Runs entirely on your existing infrastructure. Complete control, zero external dependencies.

Key Benefits

  • Air-gapped deployment supported
  • No internet connection required
  • Full hardware control
  • Lowest latency
  • No data leaves facility

Best For

Critical infrastructure, utilities, defense contractors, highly regulated industries

Flexible

Private Cloud (VPC)

Dedicated cloud instance in your region. Ottovis manages infrastructure, you control access.

Key Benefits

  • Regional data residency (EU, UK, US, Asia)
  • Managed updates & scaling
  • Multi-site synchronization
  • Enterprise SLA (99.9% uptime)
  • Disaster recovery included

Best For

Multi-site operations, hybrid environments, rapid deployment needs

Coming 2026

Hybrid

Best of both worlds: edge processing on-site, cloud sync for cross-facility insights.

Key Benefits

  • Real-time telemetry at edge
  • Aggregated analytics in cloud
  • Flexible data governance
  • Global visibility, local control
  • Optimized for large enterprises

Best For

Global manufacturers with 10+ facilities wanting centralized insights

What Ottovis Does NOT Do

  • Send your data to cloud for AI processing
  • Train models on your proprietary data
  • Share data across customers
  • Store data outside your specified region
  • Require internet connection for operation
  • Force automatic software updates

Data Sovereignty

Your Data Lives
Where You Want It

Full data sovereignty with regional residency guarantees. Compliance with GDPR and local data protection laws across all markets.

Regional Data Residency

Your data stays in your country. EU data in EU servers. UK data in UK servers. Full compliance with local data protection laws.

GDPR Compliant by Design

Right to be forgotten, data portability, consent management—all built-in from day one. DPA (Data Processing Agreement) included.

Local Regulatory Compliance

Complies with regional manufacturing and data protection regulations. No cross-border data transfers without explicit consent.

You Own Your Data

Complete data ownership. Export anytime. Delete anytime. No vendor lock-in. Your intellectual property stays yours.

Currently Available Regions

Ottovis pilots are currently available in select regions. Expanding globally throughout 2025-2026.

Active Regions

  • United Kingdom

    Pilots active • Full deployment available

  • Pakistan

    Pilots active • Full deployment available

Expansion Roadmap

  • 2025 Q3: European Union (Germany, Netherlands)
  • 2025 Q4: Southeast Asia (Malaysia, Indonesia)
  • 2026 Q1: North America (US, Canada)

Data residency guarantees apply to all regions • Contact us for custom regional requirements

Technical Architecture

Security-First Architecture

Enterprise-grade security built into every layer—from authentication to encryption to audit trails.

Authentication & Access Control

Single Sign-On (SSO)

Integrate with your existing identity provider via SAML, OAuth, or Active Directory

Role-Based Access Control (RBAC)

Granular permissions: Plant Manager (admin), Supervisors (read+write), Operators (query-only), Auditors (logs-only)

Multi-Factor Authentication

Optional MFA layer for sensitive operations. SMS, authenticator app, or hardware token support

Session Management

Automatic timeouts, concurrent session limits, forced logout on suspicious activity

Network Security

Read-Only Integrations

Ottovis never writes to your CMMS or SCADA. All integrations are read-only by design

Firewall-Friendly

Configurable ports, no inbound traffic required. Works in air-gapped networks

VPN Support

Secure remote access via your existing VPN infrastructure

Network Segmentation

Can run in isolated OT network with no connection to corporate IT

Data Encryption

At Rest: AES-256

All stored data encrypted with military-grade AES-256 encryption. Keys managed by you or via HSM

In Transit: TLS 1.3

All network communication uses latest TLS 1.3 protocol with perfect forward secrecy

End-to-End Encryption

Sensitive fields (PII, proprietary specs) encrypted throughout entire lifecycle

Key Management

Bring your own keys (BYOK) or use Ottovis-managed encryption keys

Audit & Compliance

Full Audit Logs

Every action logged: who accessed what, when, from where. Immutable audit trail

Tamper-Proof Logs

Cryptographic hashing ensures logs cannot be altered retroactively

Compliance Reports

Export audit reports for ISO 27001, SOC 2, GDPR compliance reviews

Configurable Retention

90-day default retention. Extend to 1, 3, or 7 years for regulated industries

Role Permissions Matrix

Permission | Operator | Supervisor | Manager | Admin
Query system (ask questions)
View SOPs and procedures
View maintenance history
Add shift notes
Upload new documents
Edit existing documents
Configure integrations
Manage user permissions
View audit logs
Export data

Custom roles can be configured during deployment to match your organizational structure

AI Model Security

Local AI Means Secure AI

Unlike cloud-based AI tools, Ottovis runs models on your infrastructure. Your queries never leave your network.

How Local Inference Works

1. Model Deployment: AI models are installed on your servers during setup. Weights are stored locally, never transmitted.
2. Query Processing: When an operator asks a question, it's processed entirely within your network. No external API calls.
3. Context Assembly: The system retrieves relevant chunks from your SOPs, logs, and telemetry, all local.
4. Answer Generation: The AI generates a response using the local model. The result includes source citations and a confidence score.

Local Model Inference

AI models run on your infrastructure, not cloud APIs. All inference happens locally—no external calls.

Zero data egress

Model Choice Flexibility

Deploy open-source models (Llama 3, Mistral) for full control, or commercial models (Azure OpenAI private endpoint) for enterprise SLA.

You decide the trade-offs

Prompt Injection Protection

Input sanitization prevents malicious queries. Output validation catches hallucinated dangerous instructions.

Safety-first AI

Confidence Gating

Low-confidence answers are flagged, not auto-displayed. Operators see when the system isn't sure.

Trust through transparency

Choose Your Model Deployment

Open Source Models

Llama 3, Mistral, or other open-weight models deployed on your hardware

  • Full control over model weights
  • No per-query costs
  • Audit model architecture
  • Works in air-gapped networks

Best for: Maximum control, air-gapped environments, cost-sensitive deployments

Commercial Models

Azure OpenAI private endpoint or AWS Bedrock in your VPC

  • Enterprise SLA (99.9% uptime)
  • Automatic model updates
  • Advanced reasoning capabilities
  • Private endpoint (data stays in VPC)

Best for: Enterprise scale, managed updates, maximum performance

Both options keep data within your infrastructure boundary • No data sent to public cloud APIs

What Data Ottovis Collects (Opt-In Only)

✓ What We MAY Collect (If You Opt-In)

  • Anonymized usage metrics (queries/day, response times)
  • System performance data (latency, uptime)
  • Error logs (for support troubleshooting)
  • Feature usage statistics (which tools are most used)

✗ What We NEVER Collect

  • Actual query content or operator questions
  • Your documents, SOPs, or procedures
  • Maintenance records or work order details
  • Sensor data or telemetry values
  • Personally identifiable information (PII)

All telemetry is opt-in during deployment • Can be disabled at any time

Compliance & Certifications

Compliance-Ready Today

Built to meet global security and data protection standards. Certified now, expanding certifications throughout 2025-2026.

Current Compliance

Certified

GDPR

General Data Protection Regulation

Full compliance with EU data protection laws. Right to be forgotten, data portability, consent management built-in.

Aligned

IEC 62443

Industrial Cybersecurity Standard

Aligned with IEC 62443 standards for industrial automation and control systems security.

In Progress

Cyber Essentials

UK Government Cyber Security Scheme

In progress for UK government-backed certification demonstrating cyber security best practices.

Certification Roadmap

Q3 2025
High Priority

ISO 27001

Information Security Management

International standard for information security management systems (ISMS).

Q4 2025
High Priority

SOC 2 Type II

Service Organization Control

Audit of security, availability, processing integrity, confidentiality, and privacy controls.

Q1 2026
Medium Priority

NIST CSF

Cybersecurity Framework

Alignment with NIST Cybersecurity Framework for critical infrastructure protection.

Industry-Specific Compliance

FDA 21 CFR Part 11

Food & Beverage

Supports electronic records and signatures workflows for FDA-regulated facilities

NERC CIP

Utilities

Aligns with North American Electric Reliability Corporation Critical Infrastructure Protection standards

GxP Compliance

Pharmaceuticals

Audit trails and data integrity controls ready for Good Manufacturing/Laboratory Practices

Data Residency

All Industries

Complies with regional data protection laws globally (GDPR, PDPA, LGPD, etc.)

Audit & Compliance Support

We provide comprehensive documentation and support for your security audits and compliance reviews.

Security Questionnaire

Pre-filled template for procurement

Architecture Diagrams

Data flow & network topology

Audit Logs Export

Compliance-ready reports

Side-by-Side Comparison

Ottovis vs
Cloud-Based AI

See why on-premises deployment is the only secure choice for industrial operations.

Data Security

Feature | Ottovis (On-Prem) | Generic Cloud AI
Data Location | Your facility / Your VPC | US/EU cloud (varies by vendor)
Data Ownership | You own 100% | Vendor may use for training
Internet Required | No (air-gapped OK) | Yes (always)
Proprietary Data | Never leaves your site | Sent to cloud for processing

Control & Compliance

Feature | Ottovis (On-Prem) | Generic Cloud AI
Compliance Control | Full control (on-prem) | Vendor-dependent
Audit Logs | You own, immutable | Vendor-managed
Data Residency | Guaranteed (your region) | Varies by vendor tier
RBAC Customization | Fully customizable | Limited to vendor options

Operations

Feature | Ottovis (On-Prem) | Generic Cloud AI
Uptime Dependency | Your infrastructure | Vendor uptime
Customization | Tailored to your SOPs | Generic responses
Integration Control | You control data sources | Limited connectors
Latency | Local network (< 100ms) | Internet-dependent (varies)

Cost & Predictability

Feature | Ottovis (On-Prem) | Generic Cloud AI
Cost Model | Fixed site subscription | Per-query metering
Surprise Costs | None (fixed price) | Possible (usage spikes)
Budget Predictability | Fully predictable | Variable by usage

The Bottom Line

Cloud-based AI tools like ChatGPT, Microsoft Copilot, and Google Gemini were built for consumer productivity—not industrial security. Every query you send leaves your network and may be used to train their models.

Ottovis was built from the ground up for OT environments where data sovereignty isn't optional. Your procedures, maintenance logs, and sensor data never leave your facility.

Security FAQ

Common Questions

Answers to the most common security and compliance questions from IT security teams and procurement.

No. With on-premises deployment, your data never touches our servers. All processing happens within your network. We can only see aggregated, anonymized usage metrics if you explicitly opt-in during deployment (e.g., queries per day, average response time). We never see actual query content, documents, or maintenance records.

Still Have Questions?

Our security team is happy to walk through your specific requirements and concerns in a private consultation.

Ready to Deploy
Securely?

Talk to our security team about your specific requirements, or download our technical resources for your procurement process.

Security Resources

Security Whitepaper

Comprehensive 20-page technical deep-dive into Ottovis security architecture

Security Questionnaire

Pre-filled template answering 50+ common procurement security questions

Architecture Diagrams

Data flow maps, network topology, and deployment architecture visuals

GDPR Compliant

EU Data Protection

IEC 62443 Aligned

Industrial Cybersecurity

ISO 27001

In Progress (Q3 2025)

Trusted by manufacturers who take security seriously