Security
Ciso is designed to handle sensitive information with a high level of security and control. The platform is operated in Sweden by an ISO/IEC 27001-certified infrastructure provider and is developed within the framework of an ISO/IEC 27001-certified information security management system.
Customer data is strictly isolated between organizations and protected through encryption, access controls, and continuous monitoring. The platform is designed for high availability, with built-in redundancy, backup capabilities, and established processes for incident management and recovery.
Security is based on a layered defense model, where infrastructure, application, and operations are all governed by clearly defined processes and technical controls. This enables the secure handling of sensitive data, such as risk registers and other business-critical information.
Security in Ciso
Ciso is designed and operated to handle sensitive information such as risk registers, security-classified data, and compliance-related information. The security of the service is based on multiple layers working together – from the underlying infrastructure to application design and internal processes.
Infrastructure and Operations
Ciso is hosted by Elastx, a Swedish cloud infrastructure provider focused on security, availability, and data protection. Elastx is ISO/IEC 27001 certified and provides a platform designed for business-critical systems and sensitive data.
Our Security Practices
In addition to the security provided by our infrastructure provider, we work actively and systematically on security across all aspects of Ciso. Security is an integral part of how the system is developed, operated, and maintained, and includes both technical and organizational measures.
Operations, Backup and Continuity
The operation of Ciso is designed to ensure high availability, data integrity, and rapid recovery in the event of incidents. The platform is built on modern technical principles with a high degree of automation, redundancy, and control, providing a strong foundation for stable and secure operation.
Compliance and Data Protection
Ciso is designed to handle sensitive information in accordance with applicable laws and established security standards. Our security practices are governed by ISO/IEC 27001 through Omegapoint, and the infrastructure is provided by Elastx, which is also certified according to ISO/IEC 27001.
Product Development and Governance
Security in Ciso is not only a characteristic of the technical solution, but a result of how the product is developed, governed, and maintained over time. Through a structured product organization, established development processes, and continuous follow-up, we ensure that security, quality, and compliance are maintained in every change to the system.
