Built to be audited, including by you.
A platform that audits your controls must survive scrutiny of its own. RiskForge's security guarantees hold because of how the system is built, not because a policy document promises them.
Architecture is the first control.
- Independence by design. RiskForge runs outside SAP on a read-only data feed. It holds no SAP write authorisations beyond the minimal hook. The monitored system cannot alter its monitor.
- Per-customer isolation. Each customer runs in a dedicated environment with their own encryption keys. No shared databases, no shared compute.
- EU data residency, enforced. All processing and storage happens in EU data centres. The restriction is written into our infrastructure code, so a non-EU deployment is technically impossible rather than merely forbidden.
- Encryption everywhere. In transit and at rest, with managed key rotation.
- Least privilege throughout. Every internal component holds exactly the access it needs. The dashboard cannot touch raw data. The listener cannot write to SAP.
- Append-only evidence. The evidence vault accepts additions only, and each record is hash-chained to the one before it, so altering or removing an earlier record breaks every later link and shows up on verification. Tampering is not just prohibited, it is visible.
- Fail-safe interception. If RiskForge is unreachable, you choose per process whether transactions pass unchecked (fail open) or wait for a decision (fail closed). The availability of your operations is never hostage to ours.
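The append-only, hash-chained vault described above, as an added illustration in Python. This is not RiskForge's code; it assumes SHA-256 over a canonical JSON encoding of each record, a constructed set of three SAP-style events, and a "head" hash that is published outside the vault (to the customer or an auditor) so that truncation of the chain's tail can be detected as well as edits in the middle.

```python
"""Append-only, hash-chained evidence log with tamper detection.

Added example, not RiskForge's implementation. Record layout, event
payloads and the anchoring scheme are assumptions made for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

GENESIS_HASH = "0" * 64  # hypothetical fixed predecessor for record 0


def canonical(obj) -> bytes:
    # Deterministic serialisation: key order and whitespace must not change the hash.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def compute_digest(seq: int, prev_hash: str, payload: dict) -> str:
    # Each digest commits to its position, its predecessor and its own content.
    return hashlib.sha256(
        canonical({"seq": seq, "prev_hash": prev_hash, "payload": payload})
    ).hexdigest()


@dataclass(frozen=True)
class Entry:
    seq: int
    prev_hash: str
    payload: dict
    digest: str


class EvidenceVault:
    """Accepts additions only; every record is chained to the one before it."""

    def __init__(self) -> None:
        self.entries: List[Entry] = []

    def append(self, payload: dict) -> Entry:
        seq = len(self.entries)
        prev_hash = self.entries[-1].digest if self.entries else GENESIS_HASH
        entry = Entry(seq, prev_hash, payload, compute_digest(seq, prev_hash, payload))
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        # The value to publish outside the vault after each append.
        return self.entries[-1].digest if self.entries else GENESIS_HASH

    def verify(self, anchor: Optional[str] = None) -> Tuple[bool, Optional[int]]:
        """Walk the chain. Returns (ok, first_bad_seq).

        `anchor` is the head hash recorded outside the vault; without it a
        deleted tail leaves an internally consistent, shorter chain.
        """
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev:
                return False, i  # link to predecessor broken
            if compute_digest(e.seq, e.prev_hash, e.payload) != e.digest:
                return False, i  # content edited without updating digest
            prev = e.digest
        if anchor is not None and prev != anchor:
            return False, len(self.entries)  # chain ends before the published head
        return True, None


# Constructed sample events in the style of SAP activity; not real data.
SAMPLE_EVENTS = [
    {"event": "F110_payment_run", "user": "jdoe", "amount": 12500.00, "vendor": "V-1001"},
    {"event": "FB50_journal_entry", "user": "asmith", "amount": 980.00, "account": "400100"},
    {"event": "STMS_transport_import", "user": "basis01", "request": "DEVK900123"},
]


def build_vault() -> EvidenceVault:
    vault = EvidenceVault()
    for ev in SAMPLE_EVENTS:
        vault.append(ev)
    return vault


def edit_row(vault: EvidenceVault, seq: int, rehash: bool, **changes) -> None:
    """Simulate someone editing a stored row directly, bypassing append()."""
    old = vault.entries[seq]
    payload = dict(old.payload, **changes)
    digest = compute_digest(old.seq, old.prev_hash, payload) if rehash else old.digest
    vault.entries[seq] = Entry(old.seq, old.prev_hash, payload, digest)


def demo() -> dict:
    anchor = build_vault().head()  # published head hash, held outside the vault

    clean = build_vault()
    edited = build_vault()
    edit_row(edited, 1, rehash=False, amount=98000.00)
    edited_rehashed = build_vault()
    edit_row(edited_rehashed, 1, rehash=True, amount=98000.00)
    truncated = build_vault()
    truncated.entries.pop()  # drop the newest record

    return {
        "clean": clean.verify(anchor),
        "edited": edited.verify(anchor),
        "edited_rehashed": edited_rehashed.verify(anchor),
        "truncated_no_anchor": truncated.verify(),
        "truncated_with_anchor": truncated.verify(anchor),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two tamper cases show why chaining matters: editing a row without touching its digest is caught at that row, and an attacker who recomputes the digest of the edited row still trips the check at the next record, whose stored `prev_hash` no longer matches. The truncation case is the caveat a practitioner should keep in mind: a hash chain alone cannot tell that its last records were deleted, so the head hash has to be anchored somewhere the vault operator cannot rewrite.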
GDPR by design.
RiskForge processes employee activity data, so GDPR is a design input rather than an afterthought. Data minimisation is built in from the ground up. Purpose is limited to controls monitoring. Access is role-scoped, so each viewer sees only what their function requires. Retention rules apply per data class, and full records of processing are maintained. Works councils receive clear documentation of what is monitored and what is not.
EU AI Act: high-risk, and built for it.
A system that influences financial decisions about transactions falls into the EU AI Act's high-risk class. RiskForge is built for conformity from day one. Human oversight is part of the architecture, since no transaction is finally rejected without a human decision. Every automated decision is logged with its inputs and model version. Confidence bands communicate uncertainty honestly, and the technical documentation is maintained continuously. Anti-hallucination guardrails keep ForgeIQ grounded in your data: it cites what it reads, and it says so when it cannot answer.
Our own change management.
We hold ourselves to the standard we audit. Every change to RiskForge is version-controlled, peer-reviewed, automatically tested and deployed through a pipeline. There are no manual changes to production. Customers' auditors may inspect our development lifecycle documentation on request.
See RiskForge on your own processes.
A 30-minute walkthrough against realistic SAP scenarios: payment runs, journal entries, transports. No slides, just the actual product.