Safeture’s security and availability architecture is based on ISO/IEC 27002:2013 controls, ensuring best-practice protection policies are implemented in accordance with industry standards.
Physical Security & Data Hosting
Safeture uses Fortlax and AddPro data centers, both of which are ISO/IEC 27001:2013 certified. The data and services are hosted in Sweden and are not subject to the US Cloud Act.
Dedicated Security Team
Safeture’s security team is on call 24/7 to respond to security events and incidents.
Intrusion Detection and Prevention
Safeture has designed multiple layers of security monitoring to detect anomalous behavior. When behavior outside the accepted scope is detected, the 24/7 on-duty security team starts investigating and takes the appropriate action.
Logical Access
Access to the Safeture production environment is restricted on an explicit need-to-know basis, follows least privilege, is frequently audited, continuously monitored, and is controlled by our Operations Team. A restricted group of DevOps personnel has access to the Safeture production environment and is required to use multi-factor authentication.
Failover and DR
Safeture was built with disaster recovery in mind. All infrastructure and data are spread across the two data centers and will continue to operate, should any one of those data centers fail.
Virtual Data Centres
All Safeture servers are within our own virtual data centres (VCenter), with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
Backups and Monitoring
At the application level, Safeture produces audit logs for all internal and customer admin activities, ships them to a central Graylog instance for analysis, and uses the hosting provider’s backup solution for archival purposes. All actions taken on production consoles or in the Safeture application are logged.
Permissions and Authentication
Access to customer data is limited to authorized privileged employees who require it for their role responsibilities. Safeture runs a zero-trust corporate network. We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on all hosting services to ensure protected access.
Encryption
All data sent to or from Safeture is encrypted in transit using HTTPS/TLS 1.2+. Our API and application endpoints require a minimum of TLS 1.2 and score an “A+” rating on Qualys SSL Labs’ tests. This ensures we only use strong, correctly configured cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.
Pentests & Vulnerability Scanning
Twice a year we engage alternating independent third-party security experts to perform detailed penetration tests on the Safeture application and network, as well as full source code reviews. Customers are also welcome to perform their own independent penetration tests.
Security Incident Response
In case of a system alert, events are escalated to Safeture’s 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths. All incidents are logged according to the incident management policy.