Security White Paper

A comprehensive overview of Cyrigo's security architecture, organizational practices, and data protection standards.

Last updated: November 12, 2024

Contents

1. Introduction

2. Organizational Security

3. Infrastructure Overview

4. Data Protection

5. Authentication

6. Application Security

7. System & Server

8. Monitoring & Incident

9. Backup & Recovery

10. Outsourced Ops

12. Personnel Security

13. Commitment

1. Introduction and Overview

Cyrigo AS is a growing cybersecurity company with a strong foundation built on research and experience from NTNU. We offer a cutting-edge SaaS platform designed to help businesses efficiently manage risks, compliance, and cybersecurity. It provides a complete overview and control of suppliers, information systems, and privacy management.

Security is a core part of Cyrigo’s mission. We design every part of our platform and operations with security, privacy, and reliability in mind — from our infrastructure and development processes to how we handle customer data and access control.

2. Organizational Security

Cyrigo AS operates from its main offices in Norway, located at Studievegen 16, 2815 Gjøvik. The offices are access-controlled and physically protected. As a small and specialized team, we manage very limited on-premises infrastructure, allowing us to focus our security efforts on endpoints, identities, and cloud environments.

All company devices are managed through Microsoft Intune, ensuring they remain secure and compliant, while Microsoft Entra ID provides centralized identity and access management with strong authentication. Cyrigo AS applies a risk-based approach, maintaining a clear overview of vendors, IT systems, assets, and security controls.

Cyrigo AS actively aligns with recognized information security frameworks such as ISO 27001 and ISO 27002, and our primary reference standard is ISO 27005.

3. Application Infrastructure Overview

Our platform is hosted on secure servers located in Scandinavian data centers, ensuring compliance with European data protection regulations (GDPR).

Separation of Environments

Separate production and test environments to ensure data integrity.

High Availability

Redundancy and monitoring mechanisms ensure services remain reliable.

Dedicated Operations

Proactive monitoring, patching, and incident response via trusted partners.

Data Protection

All customer data is stored within the EU/EEA, encrypted both in transit and at rest.

4. Data Protection

Cyrigo AS ensures that all customer data is handled securely and confidentially. We use modern encryption standards to protect data both when it is stored and when it is transferred.

Data Segregation

We apply data segregation measures within our platform to prevent accidental or unauthorized access. Each customer's data is isolated.

Private Instances

For customers with higher security requirements, we offer a Private Instance of Cyrigo with dedicated versioning and backend systems.

GDPR Compliance

Cyrigo AS is committed to data privacy. We process data strictly on behalf of the customer as a Data Processor.

5. Authentication and Authorization

Cyrigo offers secure and flexible authentication options. Users can log in using a username and password that follow industry best practices, or through Microsoft Entra ID.

Single Sign-On (SSO) for streamlined access

Multi-Factor Authentication (MFA) for added protection

Role-Based Access Control (RBAC) to ensure least-privilege access

6. Application Security

Security is built into every part of Cyrigo’s development and operations. We follow recognized secure coding principles and perform regular code reviews and automatic vulnerability testing.

7. System and Server Security

Our systems are hosted in Scandinavian data centers, where servers are continuously updated and monitored. Firewalls with strict rule sets limit incoming traffic.

8. Monitoring and Incident Response

We combine local monitoring with external uptime services. If any disruption occurs, automated alerts are sent to the Cyrigo operations team for immediate investigation.

9. Backup and Recovery

Local backups are performed several times per day. Offsite backups are daily and stored securely in an EU data center. All backup data is transferred through encrypted connections.

10. Outsourced Operations and Security

Cyrigo partners with OffCenit AS for managed hosting and security operations. OffCenit follows established best practices for Linux server security and system hardening.

12. Personnel Security

Confidentiality (NDAs)

All personnel sign confidentiality agreements to protect customer information.

Security Awareness

Employees receive regular security training on best practices and emerging threats.

Trusted Partners

We work exclusively with subcontractors located in NATO, EU, or EEA countries.

13. Commitment to Continuous Security

Cyrigo AS is committed to maintaining a strong and transparent security posture. We continuously assess, improve, and document our practices to ensure our customers can rely on Cyrigo as a trusted partner.
