Security White Paper
A comprehensive overview of Cyrigo's security architecture, organizational practices, and data
protection standards.
Last updated: November 12, 2024
Contents
1. Introduction
2. Organizational Security
3. Infrastructure Overview
4. Data Protection
5. Authentication
6. Application Security
7. System & Server
8. Monitoring & Incident
9. Backup & Recovery
10. Outsourced Ops
12. Personnel Security
13. Commitment
1. Introduction and Overview
Cyrigo AS is a growing cybersecurity company with a strong foundation built on research and experience from
NTNU. We offer a cutting-edge SaaS platform designed to help businesses efficiently manage risks, compliance,
and cybersecurity. It provides a complete overview and control of suppliers, information systems, and privacy
management.
Security is a core part of Cyrigo’s mission. We design every part of our platform and operations with security,
privacy, and reliability in mind — from our infrastructure and development processes to how we handle customer
data and access control.
2. Organizational Security
Cyrigo AS operates from our main offices in Norway, located at Studievegen 16, 2815 Gjøvik. The offices have
access-controlled and physically protected facilities. As a small and specialized team, we manage very limited
on-premises infrastructure, allowing us to focus our security efforts on endpoints, identities, and cloud
environments.
All company devices are managed through Microsoft Intune, ensuring they remain secure and compliant, while
Microsoft Entra ID provides centralized identity and access management with strong authentication. Cyrigo AS
applies a risk-based approach, maintaining a clear overview of vendors, IT systems, assets, and security
controls.
Cyrigo AS actively aligns with recognized information security frameworks such as ISO 27001 and ISO 27002,
and our primary reference standard is ISO 27005.
3. Application Infrastructure Overview
Our platform is hosted on secure servers located in Scandinavian data centers, ensuring compliance with
European data protection regulations (GDPR).
Separation of Environments
Separate production and test environments to ensure
data integrity.
High Availability
Redundancy and monitoring mechanisms ensure services
remain reliable.
Dedicated Operations
Proactive monitoring, patching, and incident response via
trusted partners.
Data Protection
All customer data is stored within the EU/EEA, encrypted
both in transit and at rest.
4. Data Protection
Cyrigo AS ensures that all customer data is handled securely and confidentially. We use modern encryption
standards to protect data both when it is stored and when it is transferred.
Data Segregation
We apply data segregation measures within our platform to prevent accidental or unauthorized access. Each customer's data
is isolated.
Private Instances
For customers with higher security requirements, we offer a Private Instance of Cyrigo with dedicated versioning and backend
systems.
GDPR Compliance
Cyrigo AS is committed to data privacy. We process data strictly on behalf of the customer as a Data Processor.
5. Authentication and Authorization
Cyrigo offers secure and flexible authentication options. Users can log in using a username and password that
follow industry best practices, or through Microsoft Entra ID.
Single Sign-On (SSO) for streamlined access
Multi-Factor Authentication (MFA) for added protection
Role-Based Access Control (RBAC) to ensure least-privilege access
6. Application Security
Security is built into every part of Cyrigo’s development and operations. We follow recognized secure coding
principles and perform regular code reviews and automatic vulnerability testing.
7. System and Server Security
Our systems are hosted in Scandinavian data centers, where servers are continuously updated and monitored.
Firewalls with strict rule sets limit incoming traffic.
8. Monitoring and Incident Response
We combine local monitoring with external uptime services. If any disruption occurs, automated alerts are sent to
the Cyrigo operations team for immediate investigation.
9. Backup and Recovery
Local backups are performed several times per day. Offsite backups are daily and stored securely in an EU data
center. All backup data is transferred through encrypted connections.
10. Outsourced Operations and Security
Cyrigo partners with OffCenit AS for managed hosting and security operations. OffCenit follows established best
practices for Linux server security and system hardening.
12. Personnel Security
Confidentiality (NDAs)
All personnel sign confidentiality agreements to protect
customer information.
Security Awareness
Employees receive regular security training on best practices
and emerging threats.
Trusted Partners
We work exclusively with subcontractors located in NATO, EU,
or EEA countries.
13. Commitment to Continuous Security
Cyrigo AS is committed to maintaining a strong and transparent security posture. We continuously assess,
improve, and document our practices to ensure our customers can rely on Cyrigo as a trusted partner.
