Security

Is it less secure to store accounting, payroll, and customer data in the cloud? No. Properly configured, the cloud is far safer than local machines. Here’s what we do – and what you can expect.

Last updated: 04.10.2025
Data processor/provider: Reai AS (orgnr: 935606403 ) · [email protected] · Søndre Kullerød 8, 3241 Sandefjord

Certifications (in progress)

We are in the process of formalising and auditing the following standards:

  • ISO 27001 (ISMS) – Information Security Management System (in progress).
  • ISO 9001 (Quality) – Quality management system for delivery and improvement (in progress).
  • ISAE 3402 – Independent attestation of relevant internal controls (planned).

Until certifications are completed, we follow the standards’ principles and documentation requirements as far as relevant for our services.

Our commitments

Availability and security are core requirements. We design for security by default and minimal downtime, with ongoing improvements, monitoring, and incident management.

Availability

  • 24/7/365 operations with planned maintenance during low-traffic periods.
  • Goal: high uptime with geo-/zone redundancy in the infrastructure.
  • Monitoring of key services, alert routines, and rolling deployments to reduce risk.

Access control

  • Encryption of data in transit (TLS) and at rest where relevant.
  • Access management based on least privilege, MFA for staff and admin interfaces.
  • Passwords stored as strong, salted hashes; complexity and rotation requirements for privileged accounts.
  • Firewalls/WAF and automatic blocks on suspicious activity.

Backup and data protection

  • Continuous replication and regular backup jobs with recovery testing.
  • Redundancy across separate infrastructure zones.
  • Processing logs and configuration are versioned; changes are traceable.
  • Retention periods follow legal requirements and purpose; deletion/anonymisation when data is no longer needed.

Data export and portability

You can always export your own data from the system in common file formats. Upon termination, data can be returned or deleted by agreement.