Maps mainly to ISO 27001
- Hosting within the EEA, documented per subprocessor
- Encryption at rest (AES-256) and in transit (TLS 1.2 or higher)
- Network segmentation between customer environments, dev, staging and production
- Key management with rotation and separated access
- Backups with tested restore procedure and defined retention
- DDoS protection and Web Application Firewall (WAF)
- Patch and vulnerability management with SLA per severity
- Business continuity and disaster recovery plan, tested annually
- Logical separation of customer data (multi-tenant isolation)