Certifications & Independent Validation
Netop provides secure remote access software for highly regulated, security-sensitive environments. This page summarizes the independent validations, security controls, and documentation available to organizations evaluating Netop.
Our Approach to Certification
Netop’s security architecture is built around a set of controls that support external certification and compliance requirements. These controls include authenticated access, encrypted remote sessions, event logging, and centralized policy management. They provide the technical basis for customers and auditors to evaluate Netop’s suitability for highly regulated use cases.
Netop previously operated under ISO 27001 as part of a broader group certification while part of the Ativion group of companies. However, as of December 2025, Netop has separated from the Ativion group. Due to this separation, the company ceased to be covered by this certification. Netop continues to operate as before and is in the process of obtaining its own ISO 27001 certification.
Security Foundations
The following capabilities are implemented in the Netop product and represent the core security measures commonly reviewed by external auditors:
Authentication & Identity Controls
- Endpoint authentication for every remote session.
- Support for multi-factor authentication through RADIUS or Azure MFA.
- Role-based access assignments and granular permissions.
Access Governance
- Restriction of features such as file transfer, clipboard, command execution, registry access, and application use.
- Time-of-day access control and IP address filtering.
- Segmentation of internal staff, vendors, and third parties based on criteria such as criticality or geography (aligned with NIS2 expectations).
Encryption and Connection Security
- Encrypted communication for all remote sessions.
- Outbound-only connections that do not expose open ports to the internet.
- Ability to operate fully within customer networks (LAN/WAN/VPN) without relying on external routing.
Logging and Monitoring
- Host event logging with retention until the Portal connection is restored.
- Portal audit logs for user activity and Host events.
- Recording of remote sessions in a tamper-resistant proprietary format.
- Optional SNMP trap integration for SIEM systems.
These controls provide the evidence required for internal audits, external assessments, and regulatory reviews
Current Certification Status
Netop maintains a security architecture aligned with common control areas found in frameworks such as ISO 27001, SOC 2, PCI DSS, HIPAA principles, and NIS2.
Netop previously operated under ISO 27001 as part of a broader group certification. However, as of December 2025, Netop has separated from Ativion and now functions as an entirely independent entity. Due to this separation, the company has lost its ISO 27001 and is now pursuing independent certification.
Customers may request technical documentation, architecture summaries, audit-relevant information, and security response processes through the Trust Center.
Cloud and Infrastructure Assurance
Netop can be deployed on-premises, in hybrid environments, or within customer-controlled cloud environments, including AWS. When using AWS Marketplace deployment options, customers inherit AWS’s underlying infrastructure compliance controls while retaining full responsibility for application-level governance.
Available Security Documentation
Organizations may request the following materials to support reviews, vendor assessments, and compliance audits:
- Remote Access Security Overview
- Technical Architecture overview
- SBOM for Guest/Host/Gateway/Security Server
- Logging, recording, and SIEM/SNMP configuration guidance
- Authentication configuration guides (RADIUS, Azure MFA, AD/LDAP)
