Struck is officially ISO 27001 certified. This milestone confirms that our Information Security Management System meets the international standards and, more importantly, that security is deeply embedded in how Struck operates as a platform.

For our clients, especially those operating in the public sector, Struck is not just another tool. It is part of decision-making processes around permits, zoning rules and compliance checks. That means the data flowing through Struck is often sensitive, contextual and directly tied to critical, real-world outcomes. Information security is therefore not a layer on top of our product. It is a core requirement of how it functions. 

What ISO 27001 Means in the Context of Struck

ISO 27001 is the global standard for managing information security, and for Struck it goes beyond internal policies by applying directly to how our platform processes, stores and structures data. Struck translates complex local building regulations into structured, machine readable rules that are used to automatically assess compliance for specific addresses, projects or permit applications, which means working with municipal policy documents and zoning plans, project specific data such as building parameters and use cases, as well as client specific configurations and rule interpretations. Certification confirms that every part of this process, from the ingestion of regulations to the output of compliance insights, is governed by clear responsibilities and strict security controls.

Security Built Into the Product

Struck’s platform is built around structured rule engines and automated decision logic, and ISO 27001 reinforces that this logic is not only accurate but also secure and reliable. Rather than treating security as something reactive, we embed it throughout the platform, from data processing workflows where regulations are uploaded and updated with access controls and validation steps that ensure integrity and traceability, to rule management and versioning where changes to rules, interpretations or datasets are logged, reviewed and auditable, which is essential when decisions need to be explained or revisited. The same applies to client environments, where municipalities and organizations operate in clearly separated spaces with controlled access and role based permissions, as well as to output generation, where compliance checks and recommendations are protected against unauthorized access or manipulation.

Structured Risk Management

Struck operates at the point where policy turns into action, which means a compliance check is never just data output but something that can directly influence whether a project moves forward. ISO 27001 supports this by ensuring we take a structured approach to risk, where we continuously identify how regulatory data is processed and interpreted, assess the potential impact on clients and end users, and put safeguards in place that reduce both technical and operational risks, which is essential in a context where accuracy, transparency and reliability are closely tied to public trust.

Continuous improvement, built into how we work

Struck doesn’t stand still, since regulations change, municipalities update their policies, and our platform evolves alongside them. ISO 27001 reflects that same dynamic, as maintaining certification means continuously monitoring our systems and processes, carrying out regular internal and external audits, involving both leadership and product teams, and updating our controls as new risks emerge. In practice, this means security is not something we revisit occasionally, but something that develops in parallel with the platform as part of the same ongoing process.

A Stronger Foundation for Digital Permitting and Compliance

Digital transformation in the public sector depends on trust in the systems that support it, particularly when those systems are used to interpret regulations and inform decisions, which is where Struck plays a role by turning complex rules into something usable, consistent and scalable across projects and teams. ISO 27001 certification strengthens that role by ensuring that regulatory data is handled with care and precision, that automated compliance checks are built on a secure and well controlled foundation, and that collaboration between stakeholders takes place in a reliable and structured environment, marking an important step as Struck continues to expand its role in rule based automation and further build a platform that clients can depend on for both capability and security.

We look forward to continuing to build secure digital services together, on a solid and independently verified foundation.