
Non-SC Controls — PD / SA / SU / DI

System: AI Connectors Platform
Last updated: 2026-05-01

This document describes how the AI Connectors platform fulfils controls outside the SC series.


Control Attestation Table

| Control | Description | Status | Evidence |
|---|---|---|---|
| CTRL0537479 — SA.01.01 | IT solutions in sanctioned countries subject to mandatory sanctions screening | Not Applicable | Access is restricted to Novo Nordisk employees via Azure AD — the "All Novo users" group excludes sanctioned-country identities. No AI Connectors infrastructure is deployed in sanctioned regions. |
| CTRL0537481 — PD.01.17 | Data Protection Appendix (DPA) required when personal data is processed by a third-party supplier | Compliant | DPAs in place with AWS (AWS Customer Agreement) and Microsoft (Microsoft Product Terms / DPA). All processing occurs in NN-approved, EU-hosted environments. Documented in privacy-gdpr.md §3. |
| CTRL0537493 — PD.01.15 | Data breach reporting procedure must be documented and communicated | Compliant | Breach detection and escalation documented in incident-response.md §3–4. GDPR Article 33/34 obligations covered in privacy-gdpr.md §5. |
| CTRL0537501 — SU.01.01 | Assess supplier's ability to comply with Novo Nordisk requirements | Compliant | All suppliers (AWS, Microsoft) are NN-approved enterprise suppliers with existing compliance frameworks. Documented in supplier-vendor-assessment.md and privacy-gdpr.md §3. |
| CTRL0537504 — PD.01.14 | Retention and deletion — data must be deletable at end of retention period | Not Applicable | AI Connectors does not persist Graph data — all Graph API responses are processed in-memory and discarded. Only operational metadata (audit logs carrying user OID/UPN, token cache) is retained, with automatic expiry (S3 lifecycle, DynamoDB TTL). |
| CTRL0537506 — DI.06.02 | Assess and address identified failure modes and implement mitigating controls via audit trail review | Compliant | CloudWatch alarms cover key failure modes. Versioned audit log in S3 via Kinesis Firehose provides the audit trail for failure analysis. Documented in logging-monitoring.md §2–3. |
| CTRL0537507 — PD.01.18 | Cross-border transfers of personal data to third parties outside EU/EEA | Not Applicable | All AI Connectors processing occurs within EU/EEA — AWS eu-central-1 (Frankfurt), Microsoft EU tenant, Azure AD EU region. No personal data is transferred outside EU/EEA. See privacy-gdpr.md §4. |
| CTRL0537529 — DI.05.01 | User profiles (roles) must be defined per required privileges; least privilege and separation of duties | Compliant | End users have read-only Graph API access scoped to their own identity via Azure AD OBO. Platform operators hold time-bound PIM/SSO roles with least-privilege IAM policies. Covered by access-management.md §1 and sc-01-access-management.md (SC.01.02, SC.01.03). |
| CTRL0537530 — DI.04.01 | Automated transfer processes must include built-in verification checks for data integrity | Not Applicable | AI Connectors performs no automated data transfers between IT solutions — it is a stateless read-only proxy that calls Microsoft Graph and returns results in the same request. No ETL pipelines or batch transfers exist. See architecture-data-flow.md §2. |
| CTRL0537535 — DI.01.01 | Input data must as relevant and possible be verified by the receiving IT solution | Compliant | All MCP tool call inputs are validated via Pydantic models before processing. OAuth tokens are validated on every request by the OBOAuthenticator (signature, expiry, audience, tenant). See security-baseline.md and sc-04-vulnerability-patch-management.md. |

Security Controls Reference

CTRL0537479 — SA.01.01: Sanctions screening for IT solutions

Control Text: All IT solutions intended for use in sanctioned countries (both global solutions applying to all affiliates/offices and local solutions) are subject to mandatory sanctions compliance requirements.

Applicability: The IT solution is available to users in, or deployed infrastructure in, sanctioned or restricted countries.

Additional Description

IT solutions must not be made available to users or entities subject to international trade sanctions without prior authorisation from Global Legal & Patents. The list of sanctioned and high-risk countries is maintained on the Global Legal & Patents SharePoint site.

Detailed Description

This control is not applicable to AI Connectors. Access is restricted to Novo Nordisk employees via Azure AD enterprise application group assignment — the "All Novo users" group (3bb6cc78-2024-419a-a6af-42c28127e12f) excludes identities from sanctioned countries by design. All platform infrastructure is deployed exclusively in AWS eu-central-1 (Frankfurt, Germany), with no presence in sanctioned or restricted regions.

Implementation Considerations


CTRL0537481 — PD.01.17: Data Protection Appendix (DPA)

Control Text: If personal data in the IT solution is processed (including storage or support-related access) by a third party such as an IT supplier on behalf of Novo Nordisk, a Data Protection Appendix (DPA) must be in place with that supplier.

Applicability: Personal data is processed by a third-party supplier on behalf of Novo Nordisk.

Additional Description

A DPA is required for every supplier that acts as a data processor on behalf of Novo Nordisk (GDPR Article 28). Contact the local Data Protection Officer (DPO) for guidance.

Detailed Description

AI Connectors processes personal data exclusively within NN-approved, EU-hosted infrastructure. AWS is an approved NN supplier — the AWS Customer Agreement includes a DPA covering personal data processed in AWS eu-central-1 (ECS task logs, DynamoDB token cache, S3 audit logs, SSM Parameter Store). Microsoft is an approved NN supplier — the Microsoft Product Terms and Data Protection Addendum cover personal data processed via Azure AD and Microsoft Graph (user identity tokens, OBO token exchange). Both suppliers operate under contractual data protection obligations equivalent to internal NN standards.

Implementation Considerations


CTRL0537493 — PD.01.15: Data breach reporting

Control Text: A procedure for handling personal data breaches related to the IT solution must be documented and communicated to relevant parties to ensure that potential personal data breaches are reported in accordance with applicable law (including GDPR Article 33/34).

Applicability: The IT solution processes personal data.

Additional Description

Under GDPR Article 33, personal data breaches must be reported to the competent supervisory authority within 72 hours of becoming aware of the breach. Under Article 34, data subjects must be notified without undue delay if the breach is likely to result in a high risk to their rights and freedoms.

Detailed Description

Suspected breaches are detected via CloudWatch alarms, audit log anomalies, and Azure AD sign-in alerts, and escalated immediately to Global Security Operations (globalsecops@novonordisk.com) and the IT Infrastructure Manager per the documented incident response process. The IT Infrastructure Manager is responsible for triggering the NN DPO-led GDPR Article 33/34 notification process, including the 72-hour supervisory authority reporting obligation. Personal data in scope is limited to Azure AD user identity (OID, UPN) stored in audit logs and OAuth token cache entries. Post-incident review is mandatory for all Medium and above severity incidents.

Implementation Considerations


CTRL0537501 — SU.01.01: Supplier assessment

Control Text: Assess the supplier's ability to comply with Novo Nordisk requirements and expectations, including security, data protection, and business continuity requirements.

Applicability: The IT solution relies on IT suppliers.

Additional Description

Supplier assessments should cover the supplier's security controls, data protection practices, business continuity capabilities, and contractual compliance obligations.

Detailed Description

AI Connectors relies exclusively on NN-approved enterprise suppliers — AWS and Microsoft — that are already subject to Novo Nordisk's central supplier management and compliance frameworks. Both suppliers hold current SOC 2 Type II and ISO 27001 certifications, maintain DPAs with Novo Nordisk, and provide continuous compliance evidence via AWS Artifact and Microsoft Service Trust Portal. No independent supplier assessment is required beyond the existing NN supplier approval process that covers these suppliers.

Implementation Considerations


CTRL0537504 — PD.01.14: Retention and deletion

Control Text: It must be possible to automatically or manually delete data in the IT solution at the end of the retention period defined by the Line of Business (LoB).

Applicability: The IT solution stores personal data.

Additional Description

A retention and deletion policy must be defined for all personal data stored in the IT solution, aligned with GDPR's storage limitation principle (Article 5(1)(e)).

Detailed Description

This control is not applicable to AI Connectors. The platform is a stateless proxy that processes personal data in-memory — all Microsoft Graph API responses are discarded at the end of each request and never persisted. The only data retained is operational metadata: the audit log (user OID and UPN, deleted automatically by an S3 lifecycle rule after 365 days) and the OAuth token cache (DynamoDB TTL of roughly one hour). Note that the OID and UPN in the audit log are personal data (PD.01.15 above treats them as such), so the deletion requirement is satisfied by construction rather than being out of scope: both retention periods are fixed and enforced automatically, and no manual deletion path is needed.

Implementation Considerations


CTRL0537506 — DI.06.02: Failure mode assessment and audit trail review

Control Text: Assess and address identified failure modes and implement mitigating controls. It may be relevant to regularly review system audit trails (e.g. system or event logs) as risk mitigation.

Applicability: The IT solution has identified failure modes requiring mitigating controls.

Additional Description

Failure mode analysis should identify the ways in which the IT solution can fail, the impact of each failure, and the controls in place to mitigate or detect those failures.

Detailed Description

Key failure modes are Azure AD outage, ECS service crash, DynamoDB unavailability, SSM unavailability and Firehose delivery failure. Each is covered by a CloudWatch alarm on the corresponding signal: HTTP 5xx error rate, ECS unhealthy task count, Firehose delivery failures and authentication error spikes, all of which notify the on-call team. Every MCP tool call is recorded in an S3 audit log via Kinesis Firehose, capturing user identity, tool name, outcome and latency. S3 versioning retains every prior version of a log object, so an overwrite or deletion leaves the original recoverable and detectable; versioning alone does not stop a principal with write access from issuing those operations, so resistance to a privileged attacker must be established separately (S3 Object Lock, or a bucket policy denying delete and overwrite). The log is the primary audit trail for failure analysis and incident investigation, and is reviewed as part of incident response and the annual access review process.
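The audit-trail review described above can be reproduced offline. The following is an added example, not the platform's own code: it parses constructed audit records in the field shape the page describes (user identity, tool name, outcome, latency), buckets them into fixed windows, and raises the same two alarm conditions the CloudWatch configuration is said to cover, an upstream (5xx) error rate and an authentication-error spike. The field names, the 60-second window and both thresholds are assumptions; the sample log lines are constructed for the example.

```python
"""Offline audit-trail review over constructed AI Connectors-style records.

Added example, not the platform's own code. Field names, the 60-second
window and both thresholds are assumptions; the real alarms live in
CloudWatch and the real records are written to S3 via Kinesis Firehose.
"""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: one JSON record per MCP tool call. "user_oid" on an
# auth_error record is the identity the rejected token claimed.
SAMPLE_LOG = """
{"ts":"2026-05-01T09:00:05Z","user_oid":"u1","tool":"mail.list","outcome":"success","latency_ms":210}
{"ts":"2026-05-01T09:00:10Z","user_oid":"u2","tool":"calendar.list","outcome":"success","latency_ms":180}
{"ts":"2026-05-01T09:00:20Z","user_oid":"u1","tool":"mail.search","outcome":"upstream_error","latency_ms":3000}
{"ts":"2026-05-01T09:00:30Z","user_oid":"u3","tool":"mail.list","outcome":"success","latency_ms":240}
{"ts":"2026-05-01T09:00:45Z","user_oid":"u2","tool":"files.list","outcome":"success","latency_ms":300}
{"ts":"2026-05-01T09:01:02Z","user_oid":"u1","tool":"mail.list","outcome":"upstream_error","latency_ms":3100}
{"ts":"2026-05-01T09:01:15Z","user_oid":"u2","tool":"mail.list","outcome":"upstream_error","latency_ms":2900}
{"ts":"2026-05-01T09:01:30Z","user_oid":"u3","tool":"calendar.list","outcome":"success","latency_ms":200}
{"ts":"2026-05-01T09:01:40Z","user_oid":"u4","tool":"files.list","outcome":"upstream_error","latency_ms":3050}
{"ts":"2026-05-01T09:01:55Z","user_oid":"u1","tool":"mail.search","outcome":"success","latency_ms":220}
{"ts":"2026-05-01T09:02:01Z","user_oid":"u9","tool":"mail.list","outcome":"auth_error","latency_ms":12}
{"ts":"2026-05-01T09:02:05Z","user_oid":"u9","tool":"mail.list","outcome":"auth_error","latency_ms":11}
{"ts":"2026-05-01T09:02:09Z","user_oid":"u9","tool":"mail.list","outcome":"auth_error","latency_ms":13}
{"ts":"2026-05-01T09:02:13Z","user_oid":"u9","tool":"mail.list","outcome":"auth_error","latency_ms":12}
{"ts":"2026-05-01T09:02:40Z","user_oid":"u1","tool":"mail.list","outcome":"success","latency_ms":230}
"""

# Assumed thresholds; the page does not state the real CloudWatch values.
WINDOW_SECONDS = 60
UPSTREAM_ERROR_RATE_THRESHOLD = 0.5   # fraction of calls in a window that failed upstream
AUTH_ERROR_THRESHOLD = 3              # rejected tokens per window


def parse_records(text):
    """Parse newline-delimited JSON records; timestamps become aware UTC datetimes."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(rec)
    return records


def window_start(ts):
    """Align a timestamp down to the start of its fixed window (epoch seconds)."""
    epoch = int(ts.timestamp())
    return epoch - epoch % WINDOW_SECONDS


def review(records):
    """Return a list of (window_start_iso, alarm_kind, detail) in time order."""
    windows = defaultdict(lambda: {"total": 0, "upstream_error": 0, "auth_error": 0, "claimed": set()})
    for r in records:
        w = windows[window_start(r["ts"])]
        w["total"] += 1
        if r["outcome"] == "upstream_error":
            w["upstream_error"] += 1
        elif r["outcome"] == "auth_error":
            w["auth_error"] += 1
            w["claimed"].add(r["user_oid"])

    alerts = []
    for start in sorted(windows):
        w = windows[start]
        iso = datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        rate = w["upstream_error"] / w["total"]
        if rate >= UPSTREAM_ERROR_RATE_THRESHOLD:
            alerts.append((iso, "5xx_rate", f"{w['upstream_error']}/{w['total']} calls failed upstream"))
        if w["auth_error"] >= AUTH_ERROR_THRESHOLD:
            alerts.append((iso, "auth_error_spike",
                           f"{w['auth_error']} rejected tokens claiming {len(w['claimed'])} identities"))
    return alerts


if __name__ == "__main__":
    for window, kind, detail in review(parse_records(SAMPLE_LOG)):
        print(f"{window} {kind}: {detail}")
```

On the constructed sample the 09:00 window has one upstream failure in five calls and stays quiet, the 09:01 window crosses the error-rate threshold, and the 09:02 window trips the authentication-spike alarm because one claimed identity is rejected four times in a row, which is the pattern an operator would want to see surfaced during an incident review rather than discovered by reading raw records.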

Implementation Considerations


CTRL0537507 — PD.01.18: Cross-border data transfers

Control Text: If personal data is transferred to a third party from the EU/EEA to other countries, determine and document the relevant legal basis for transfer, following applicable internal guidance. If using Standard Contractual Clauses (SCC) as a legal basis for transfer, a Transfer Impact Assessment (TIA) needs to be made and relevant supplementary measures implemented.

Applicability: Personal data is transferred to third parties outside EU/EEA.

Additional Description

Contract owner is responsible for ensuring a legal basis for transfer as part of the contract, including relevant assessments such as Transfer Impact Assessments where SCCs are used.

Detailed Description

This control is not applicable to AI Connectors. All platform infrastructure and data processing is confined to EU/EEA — AWS eu-central-1 (Frankfurt) and the Microsoft EU tenant. No personal data is transferred outside EU/EEA at any point, and no cross-border transfer mechanisms are required.

Implementation Considerations

  • privacy-gdpr.md §4 — EU data residency and cross-border transfer assessment

CTRL0537529 — DI.05.01: User profiles (roles) — least privilege and separation of duties

Control Text: (a) User profiles (roles) must be defined according to required privileges/authorisations. (b) User profile privileges must be limited to those required for individuals to perform their role/duties (least privilege principle). (c) Assigning user profiles to users must comply with the principle of separation of duties.

Applicability: The IT solution has user profiles or roles with defined access privileges.

Additional Description

Role definitions should reflect actual job functions, and privileged roles must be periodically reviewed to ensure continued appropriateness.

Detailed Description

User access is defined by least-privilege roles aligned to job function. End users receive read-only Graph API permissions scoped to their own identity via the Azure AD OBO flow, so a user cannot read another user's data through the platform. Platform operators are granted time-bound elevated access via Azure AD PIM and AWS SSO, with IAM roles limited to the minimum required actions. Separation of duties and the annual role review are documented in access-management.md.

Implementation Considerations


CTRL0537530 — DI.04.01: Automated transfer verification

Control Text: Automated transfer processes (for example transferring GxP data from one IT solution to another) must include appropriate built-in verification checks for the transfer of data. Note: In this context GxP data (besides associated metadata) also includes audit trail and applied GxP signatures.

Applicability: The IT solution performs automated data transfers between IT solutions.

Additional Description

Verification checks should confirm data completeness, integrity, and accuracy after automated transfers.

Detailed Description

This control is not applicable to AI Connectors. The platform is a stateless read-only proxy — it calls Microsoft Graph and returns results within the same request, with no data persisted or moved between systems. No ETL pipelines, batch transfers, or automated inter-system data movement exists.

Implementation Considerations


CTRL0537535 — DI.01.01: Input data verification

Control Text: Input GxP data must as relevant and possible be verified by the receiving IT solution.

Applicability: The IT solution receives input data that must be validated.

Additional Description

Verification may include format checks, range checks, completeness checks, and referential integrity checks depending on the nature of the data and its downstream use.

Detailed Description

All MCP tool call inputs are validated against Pydantic models at the API boundary, so malformed or out-of-range requests are rejected before any Graph API call is made. OAuth tokens are validated on every request by the OBOAuthenticator, which checks signature, expiry, audience and tenant. Graph API responses are passed through to the client without transformation, so the platform adds no integrity risk of its own between Graph and the client. Implementation details are in security-baseline.md and sc-04-vulnerability-patch-management.md.
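The two checks above, token validation followed by input validation, are shown end to end in the following added example. It is not the platform's code: the OBOAuthenticator and the Pydantic models are not on this page, so the example uses a stand-in. In particular it signs demo tokens with an HMAC shared secret (HS256) so that it runs offline, whereas the real Azure AD tokens are RS256 and are verified against the tenant's published signing keys; the audience, tenant id, tool schema (a hypothetical `mail.search` tool taking `query` and `top`) and all error messages are assumptions. The order of checks (signature before claims, authentication before input) and the rejection of an unexpected `alg` are the points worth copying.

```python
"""Token and tool-input validation in the order the page describes.

Added example, not the platform's OBOAuthenticator or Pydantic models.
HS256 with a shared secret stands in for Azure AD's RS256 tokens so the
code runs offline; audience, tenant id and the tool schema are assumed.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"demo-shared-secret"          # assumption: stands in for the IdP signing key
EXPECTED_AUD = "api://ai-connectors"    # assumption
EXPECTED_TID = "tenant-1111"            # assumption


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = SECRET) -> str:
    """Issue a demo HS256 token (plays the role of Azure AD in this example)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token: str, now=None) -> dict:
    """Check signature, expiry, audience and tenant; raise ValueError on any failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The algorithm is an allow-list decision by the verifier, never taken from the token.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Claims are only read after the signature is known to be good.
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != EXPECTED_AUD:
        raise ValueError("wrong audience")
    if claims.get("tid") != EXPECTED_TID:
        raise ValueError("wrong tenant")
    return claims


def validate_search_input(args: dict) -> dict:
    """Schema for a hypothetical mail.search tool (stands in for a Pydantic model)."""
    unknown = set(args) - {"query", "top"}
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    query = args.get("query")
    if not isinstance(query, str) or not 1 <= len(query) <= 256:
        raise ValueError("query must be a string of 1..256 characters")
    top = args.get("top", 10)
    if isinstance(top, bool) or not isinstance(top, int) or not 1 <= top <= 50:
        raise ValueError("top must be an integer in 1..50")
    return {"query": query, "top": top}


def handle_tool_call(token: str, args: dict, now=None):
    """Authenticate, then validate input; only an accepted call would reach Graph."""
    try:
        claims = validate_token(token, now)
    except ValueError as e:
        return ("rejected", f"auth: {e}")
    try:
        clean = validate_search_input(args)
    except ValueError as e:
        return ("rejected", f"input: {e}")
    return ("accepted", {"oid": claims.get("oid"), **clean})


if __name__ == "__main__":
    now = time.time()
    tok = mint_token({"oid": "u1", "aud": EXPECTED_AUD, "tid": EXPECTED_TID, "exp": now + 600})
    print(handle_tool_call(tok, {"query": "quarterly report", "top": 5}, now))
    print(handle_tool_call(tok, {"query": "quarterly report", "top": 500}, now))
```

Authentication failures are reported before input is even parsed, so an unauthenticated caller learns nothing about the tool schema, and a token signed with a different key, an expired token, a token for another audience or tenant, and a token whose header claims `alg: none` are all rejected before any claim is trusted. Unknown fields are rejected rather than ignored, which keeps a caller from smuggling extra parameters past the schema.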

Implementation Considerations