
In a digital world where trust is currency, compliance isn’t just about ticking boxes - it’s a foundation for long-term partnership. At Optiml, we’ve achieved ISO 27001 and SOC 2 Type II certifications to ensure our platform meets the highest standards in security, reliability, and data integrity.
As a platform used by clients across Europe and the United States, we also maintain full GDPR compliance. Whether it’s asset strategy modeling or capital planning, our customers can rely on Optiml to protect their most sensitive information with transparency and precision.
From Paper Trails to Platform Automation
“We didn’t want a once-a-year checklist. We wanted compliance to be always-on,” says Matthias Müller, Product Lead at Optiml, who brings experience advising large enterprises on digital transformation and product development from his time at PwC (PricewaterhouseCoopers). “This approach doesn’t just make us audit-ready - it strengthens how we operate and brings us further as an organization in meeting the expectations of enterprise clients.”
To achieve this, we partnered with Vanta, a compliance automation platform that allowed us to move fast without cutting corners. Every piece of evidence - from infrastructure configurations to employee security trainings - was automatically collected, tracked, and kept audit-ready.
“Our auditors even used the platform directly during the audit execution,” Matthias Müller explains. “It’s a sign that compliance is evolving into a fully digital experience—no more endless spreadsheets or printouts.”
Security Is a Mindset - with Clear Governance
Security at Optiml is more than just best practices - it’s embedded in how we operate.
Eric Marty, our Information Security Officer, brought deep expertise from his ETH background in cybersecurity to design our approach from the ground up.
“We established a dedicated Information Security Management System (ISMS) team with clear ownership and cross-functional alignment,” Eric Marty says. “Our security model is engineered to be scalable, auditable, and actionable - not just compliant on paper.”
Our ISMS team ensures that policies, access controls, vendor reviews, and incident handling are not only robust, but continuously evaluated and improved. Security is part of our product culture—from infrastructure to the way we ship code.
Proactive Transparency: The Optiml Trust Center
Customers shouldn’t have to guess how we manage their data - and they don’t have to.
That’s why we launched the Optiml Trust Center (https://trust.optiml.com/): a public-facing portal where clients can review our certifications, security policies, subprocessor details, and incident response processes.
“Trust is earned through transparency,” says Jordi Campos, Co-Founder and CTO at Optiml. “We’ve built a space where customers can verify, not just believe - with everything from certifications to real-time status updates. They can see our live system health at any time via status.optiml.com.” The Trust Center supports faster vendor reviews and easier procurement - especially for enterprise clients with strict IT and legal requirements.
Looking Ahead: Preparing for the EU AI Act
Security and compliance aren’t static - they evolve with the technologies we build and the regulations that follow.
“We’re already preparing for the EU AI Act and other related AI frameworks,” Matthias Müller notes. “Our proprietary models and LLM-powered workflows are being mapped against its risk categories - with governance, documentation, and controls already in motion.”
Optiml is embedding responsible AI practices across product and engineering, ensuring every model is explainable, monitored, and governed as regulations emerge.
What This Means for Our Clients
Whether your role involves overseeing a portfolio of real estate assets, leading ESG initiatives, or advising institutional investors - here’s how this impacts your day-to-day:
- Faster onboarding and procurement: Enterprise-ready certifications and a transparent Trust Center reduce IT security bottlenecks and speed up vendor approval.
- Lower vendor risk: With SOC 2, ISO 27001, and GDPR in place, you can confidently rely on Optiml for secure data processing, audits, and third-party reviews.
- Operational resilience: Our live system status and automated controls ensure visibility and stability, even during critical reporting cycles.
- Future-ready AI governance: We’re aligning early with the EU AI Act to give you peace of mind when leveraging AI-supported workflows and asset strategies.
- Scalability built in: Our ISMS team and compliance infrastructure are designed to grow with your portfolio, not slow it down.
Trust Isn’t a Feature. It’s the Product.
At Optiml, trust is built - not assumed. With ISO 27001, SOC 2, GDPR compliance, an established ISMS team, and a live Trust Center, we’ve created a foundation our clients can rely on—today and into the future.