Information security and privacy

Your security is our priority

At Trapets, we understand that security and the protection of customer data are crucial to our solutions, and we adhere to high information security management standards.

Information security

The nature of our business demands a robust framework for managing the security of our customers' data. We have been an ISO 27001-certified company since 2018.

We have a privacy management system that is led by the Chief Executive Officer (CEO) and supported by the Data Protection Officer (DPO) and the Chief Information Security Officer (CISO). We also work proactively to prevent any unauthorised or unlawful access, use, disclosure, modification, or destruction of data, including: 

  • Data location

    Storing and processing data in multiple locations within Europe to ensure availability and resilience.

  • Data encryption

    Encrypting data in transit and at rest using advanced encryption standards and protocols.

  • Data backup

    Backing up data regularly and storing it in geographically redundant locations with encryption and access control.

  • Staff training

    Providing security risk training to our developers and security awareness training to all our staff annually.

  • Audits

    Conducting internal and external security audits.

  • Access restriction

    Only allowing access to our systems and applications from trusted IP addresses or domains.

Information security policy

At Trapets, we understand that security and the protection of customer data are crucial to our services to customers, and we adhere to high information security management standards. Information security is core at Trapets, and we continually develop and improve our information security management system (ISMS). 

Trapets has been certified under ISO 27001 since 2018, and our current certification under ISO 27001 is valid until 2027. This policy outlines the ways in which Trapets protects our services, our information assets and our customers’ data against threats related to information security, including cyber threats, to ensure the security and resilience of our services and the confidentiality, integrity and availability of the data of both Trapets and our customers.

This policy is a level one policy within the Trapets policy framework. Further details around how we manage information security in our service delivery and daily operations are set out in several more specific level two policies and level three routines.

Definition

Information security refers to both information security and cyber security in Trapets’ organisation, premises and IT environment. Information security is an integral part of our business operations, and this Information Security Policy provides a company-wide view of information security issues.

Policy content

Trapets ensures information security in our services and daily business operations by:

  • Identifying and handling threats directed at Trapets’ IT systems, whether internal or external, intentional or inadvertent
  • Providing onboarding and frequently recurring information security training to all employees
  • Protecting information assets from unauthorised access and use
  • Protecting all portable IT-related equipment against unauthorised access
  • Protecting Trapets’ networks and other IT equipment with the required IT security measures
  • Making sure that the use of Trapets’ IT resources is not contrary to our business goals
  • Ensuring the availability of IT systems and the correctness of data
  • Meeting requirements in laws and regulations and other binding requirements
  • Establishing, maintaining and testing disaster recovery plans
  • Reporting all security incidents, both identified and suspected, and handling them according to the instructions
  • Overseeing IT security activities through a coordination function
  • Preventing and/or limiting the effects of unwanted events
  • Ensuring continuous improvement of the information security system through a systematic approach

Data security and integrity

We prioritise the security and integrity of data, which is why we have an information security management system and a comprehensive information security policy framework. We have been certified according to ISO 27001 since 2018.

The information security and privacy management system is governed by the Chief Executive Officer (CEO) and supported by the Data Protection Officer (DPO) and Chief Information Security Officer (CISO). 

Our information security policy framework includes information classification, business continuity and disaster recovery, back-ups, access management, risk and incident management, encryption and secure development.

Data privacy

We understand and respect the importance of data privacy and comply with the General Data Protection Regulation (GDPR). We only process personal data for legitimate purposes and with appropriate safeguards. In addition to the GDPR, some of the personal data we process for our customers are also covered by legislation on bank secrecy or similar legislation. We are committed to governing privacy accordingly.

Trapets’ processing of personal data within our service delivery, as processor for our customers (the controllers), is governed by the Data Protection Policy and Data Processing Agreements between Trapets and our customers. Other processing of personal data by Trapets is described in the Trapets Privacy Policy.

Information security measures

To prevent any unauthorised or unlawful access, use, disclosure, modification, or destruction of data, we implement various technical and organisational measures, such as:

  • Storing and processing data in multiple locations within Europe to ensure availability and resilience.
  • Encrypting data in transit and at rest using advanced encryption standards and protocols.
  • Enforcing strong password policies and multi-factor authentication for all our users and systems.
  • Using anti-malware, firewall, IPS, and DDoS protection tools to detect and block any malicious or suspicious activity.
  • Backing up data regularly and storing it in geographically redundant locations with encryption and access control.
  • Assigning different access rights and privilege levels to users and groups based on their roles and responsibilities.
  • Restricting server access to authorised personnel only through a jump host, MFA, and dedicated VPN.
  • Applying security patches and updates to all our devices and systems.
  • Enforcing idle timeout policies for VPN, clients, applications, and servers.
  • Providing security awareness training sessions and quizzes to all our staff annually.
  • Training our developers on the OWASP Top 10 web application security risks and how to prevent them.
  • Scanning our code for any errors, vulnerabilities, or quality issues before deployment.
  • Conducting regular penetration testing and vulnerability scanning by external and internal experts.
  • Separating different functions and tasks among various staff members to prevent conflicts of interest, fraud, or errors.
  • Conducting internal and external security audits to verify the effectiveness of our security controls and compliance with relevant standards and regulations.
  • Maintaining a dedicated incident response team and a security operations centre that monitors, analyses, responds to, reports, and escalates any security events or issues 24/7/365.
  • Only allowing access to our systems and applications from trusted IP addresses or domains.

Trust centre

Discover more

  • Trust centre

    Our Trust Centre is designed to provide you with information about information security practices, data protection measures, and code of conduct.

  • Code of conduct

    We must observe high ethical principles in all our activities. Each individual is critical in defining and protecting our most valuable asset - trust.

  • Data protection policy

    This policy describes the organisational and technical safeguards Trapets has implemented to protect personal data as processor for our customers.