Security in Ciso

Published: March 19, 2026
Last updated: March 20, 2026

Our goal is to provide a platform where information can be handled in a secure, controlled, and traceable manner. Security is therefore integrated throughout the entire lifecycle: development, operations, monitoring, and continuous improvement.

This page provides an overview of how security is structured and how responsibilities are distributed.

Shared responsibility model

Security in Ciso is based on a shared responsibility model between us as the service provider and our infrastructure partner Elastx.

Elastx is responsible for the security of the underlying cloud infrastructure, including data centers, network, hardware, and physical security. We are responsible for the application, data protection, access controls, operations, and monitoring. The customer is responsible for how the system is used and what data is entered.

This division of responsibility is standard for cloud services and ensures that each layer is handled by the party best suited to protect it.

In summary:

  • Elastx: Infrastructure, data centers, network, and physical security
  • Ciso (Omegapoint): Application, security features, operations, and data handling
  • Customer: Use of the system and content stored in the service

Secure infrastructure foundation

Ciso is hosted in Sweden by Elastx. The platform is built for high availability and security, with three geographically separated data centers in the Stockholm region. These are close enough for low latency but sufficiently separated to withstand local disruptions.

The infrastructure is designed to be robust, redundant, and protected against both physical and digital threats.

This includes:

  • ISO 27001-certified infrastructure
  • Redundancy in power, networking, and cooling
  • Physical security with surveillance, access control, and logging
  • Protection against intrusions and DDoS attacks
  • Encrypted communication between data centers

Our security practices

In addition to the infrastructure, we actively work with security across all aspects of Ciso – from architecture and development to operations and monitoring.

The system is designed to protect customer data through isolation, strict access control, and traceability. We apply established security principles such as least privilege, defense-in-depth, and zero trust where appropriate.

Security is not a standalone feature, but an integrated part of how the system is built and operated.

Key elements include:

  • Customer isolation (dedicated instance and database per customer)
  • Role-based access control and support for multi-factor authentication
  • Encryption of data in transit and protection of stored data
  • Centralized logging, monitoring, and anomaly detection
  • Established incident management processes
  • Secure development practices with code review and testing

Operations, continuity, and resilience

The platform is designed to handle disruptions and incidents without compromising data integrity or availability.

Through automation, structured processes, and a modern architecture, we ensure the ability to restore systems and data quickly when needed.

Examples include:

  • Regular and verified backups
  • Point-in-time restore capabilities
  • Geographically separated backups
  • Reproducible infrastructure using Infrastructure as Code
  • Controlled release and change processes
  • Rollback capabilities in case of incidents

Data location and compliance

All data is stored and processed within Sweden. This ensures strong control over data handling and supports compliance with regulations such as GDPR.

We have agreements in place with our subprocessors governing how data is handled, protected, and deleted. No transfer of personal data to third countries occurs within the scope of the service.

Summary

Security in Ciso is built on multiple layers working together, where both infrastructure and application are designed to protect sensitive information.

This means that:

  • The platform is hosted in a secure and redundant environment in Sweden
  • Customer data is strictly isolated between organizations
  • Access to systems and data is controlled and traceable
  • Data is protected through encryption and secure storage
  • Systems are continuously monitored and incidents are handled systematically
  • Backup and recovery ensure data integrity even in severe scenarios

Together, this creates a solution where sensitive information, such as risk registers, can be handled with a high level of security and reliability.