
Security Roadmap

Security & Compliance Initiatives 2026–2027 · March 24, 2026 · Document Version: 1.0

Commitment to Security & Compliance

PortFlow is committed to the highest standards of data security and regulatory compliance. This public roadmap outlines our security and compliance initiatives for 2026 and 2027, demonstrating our commitment to security-conscious maritime agencies.

We believe transparency about our security roadmap builds trust. This is what we're building, and when you can expect it.

2026: At a Glance

Q1: Foundation
Q2: Enhancement
Q3: Assessment
Q4: Certification

Q1 2026: Foundation & Transparency (status: Completed)

Focus: Publish security documentation and establish baseline compliance

Delivered

✓ Privacy Policy published (March 24, 2026)
✓ Security Whitepaper published (March 24, 2026)
✓ GDPR Readiness Statement published (March 24, 2026)
✓ Public Roadmap published (March 24, 2026)
✓ Security contact established (security@portflow.tech)
✓ Data encryption implemented (TLS 1.3, AES-256)
✓ Multi-tenant data isolation verified
✓ Audit logging infrastructure operational
✓ Marina AI chatbot deployed with privacy controls

In Progress

⟳ Initial security review of codebase
⟳ Documentation of all third-party integrations
⟳ Preparation of penetration test scope

Q2 2026: Preparation & Enhancement (status: Planned)

Focus: Finalize compliance agreements and plan certification audits

☐ Data Processing Agreement (DPA) finalized (target: end of May 2026)
Formal GDPR compliance contract for customers. Currently in legal review.

☐ EU Data Residency option deployed (target: end of June 2026)
Data stored in AWS eu-west-1 (Ireland) for EU customers. Infrastructure planning stage.

☐ GDPR Data Subject Rights workflow refined (target: end of April 2026)
Automated systems for data access/deletion requests. Testing in progress.

☐ Third-Party Risk Assessment completed (target: end of May 2026)
Formal evaluation of Neon, Vercel, Anthropic security posture.

☐ Disaster Recovery testing (quarterly) (target: end of June 2026)
Verify data can be recovered from backups. Procedures documented.

☐ Compliance documentation enhanced (target: end of June 2026)
Additional detail for customers and auditors. Currently outlined.

Key Dates

· May 1: GDPR legal review completed
· May 15: EU infrastructure ready for testing
· June 1: DPA final version ready
· June 30: All Q2 items complete

Q3 2026: Assessment & Hardening (status: Planned)

Focus: Conduct independent security assessment and strengthen controls

☐ Third-Party Penetration Test (target: Sep 30, 2026)
External firm tests full application and infrastructure. Vendor selection in progress. Penetration test report with findings will be delivered.

☐ Security Hardening based on results (target: Oct 31, 2026)
Fix any vulnerabilities found in penetration test. Procedures defined.

☐ Enhanced Access Logging (target: Sep 15, 2026)
Improved audit trails for compliance auditors. Design completed.

☐ Incident Response Procedures formalized (target: Aug 31, 2026)
Documented procedures for security incidents. Currently drafted.

☐ Security Training for team (target: Aug 15, 2026)
Ensure all staff understand security requirements. Curriculum designed.

Customer Impact

The penetration test identifies vulnerabilities before customers discover them. Results will be shared transparently with a remediation plan included.

Q4 2026: Certification & Audit (status: Planned)

Focus: Complete GDPR audit and begin SOC 2 Type II audit

☐ GDPR Compliance Audit (target: Dec 31, 2026)
Independent auditor verifies full GDPR compliance. Scope: lawful basis, data subject rights, security measures, sub-processor compliance. Estimated cost: €15,000–€25,000. Report due January 2027.

☐ SOC 2 Type II Audit initiated (target: Jan 2027 start)
SOC 2 Type II is the gold standard for SaaS security. 6-month audit period verifying Security, Availability, and Integrity controls. Planning phase begins Q4.

☐ Remediation of Penetration Test findings (target: Nov 30, 2026)
All security vulnerabilities from Q3 penetration test patched.

☐ Security Certifications published (target: Jan 2027)
Share audit reports with customers as appropriate. Process defined.

☐ Compliance documentation updated (target: Dec 31, 2026)
Update Privacy Policy and Security Whitepaper based on audit findings.

What Customers Get by End of Q4 2026

  • ✓ GDPR Compliance Certificate (independent validation)
  • ✓ SOC 2 Type II certification (in progress, complete Q2 2027)
  • ✓ Penetration test results (summary of findings and fixes)

2027: Enterprise & Advanced Certifications

Q1 2027: Enterprise & Compliance

  • SOC 2 Type II Certification received: validates Security, Availability, Integrity controls (March 2027)
  • GDPR Audit Results Published, January 15, 2027
  • Enterprise Security Features Phase 1: SSO via SAML 2.0, Advanced MFA (hardware keys, authenticator apps), IP whitelisting
  • Quarterly Penetration Test program formalized
  • 2027–2028 Security Roadmap released

Q2–Q4 2027: Advanced & Ongoing

  • Enterprise Security Features Phase 2: advanced reporting, compliance report generation, RBAC enhancements
  • ISO 27001 Gap Analysis and remediation planning
  • Quarterly penetration testing (continuing)
  • ISO 27001 Audit begins (Q4 2027, expected completion Q1 2028)
  • SOC 2 Type II Re-certification

Certifications by End of 2027

✓ SOC 2 Type II (March 2027)

✓ GDPR Compliant (January 2027)

⟳ ISO 27001 (planning phase, 2027–2028)

Roadmap Philosophy

Realistic

All dates reflect industry standards for certification timelines, actual audit durations, and team resource requirements.

Achievable

Each item has defined scope, clear ownership, measurable outcomes, and contingency buffer for delays.

Not Overpromising

We avoid claiming certifications we don't have, publishing reports that don't exist, or compressing timelines unrealistically.

Key Security Principles Throughout 2026–2027

1. Transparency: Every claim we make is backed by documented evidence or credible audit.
2. Continuous Improvement: Security isn't a destination. We're always improving.
3. Third-Party Validation: Independent auditors verify our claims, not just our own assertions.
4. Customer Focus: Every security feature is designed to protect our customers' data.
5. Responsibility: If we make a commitment, we deliver on time.

Roadmap Commitment

✓ Publishing quarterly updates on this roadmap
✓ Achieving 90%+ of stated Q1–Q2 2026 items
✓ Sharing audit results transparently with customers
✓ Communicating any delays with advance notice
✓ Protecting customer data above all else

If we cannot meet a deadline, we will notify affected customers immediately, provide a revised timeline, explain what delayed the work, and share interim progress reports.

Questions About This Roadmap

Current Customers

Review this roadmap for items that matter to your organization. Share feedback on priorities.

Prospective Customers

Use this roadmap to evaluate our security maturity. Request current audit reports or DPA.

Security / Compliance Teams

Review supporting documentation. Schedule a security assessment call with our team.

PortFlow © 2026 · All Rights Reserved · Document Version 1.0 · Latest updates at portflow.tech/roadmap