Your Security is Our Ongoing Commitment

Cybersecurity is not a static endeavor; it's a continuous process of adaptation and improvement. At EG, we are dedicated to staying ahead of evolving threats and investing in the latest security technologies and expertise. Your security remains our top priority, and we are committed to providing you with secure and reliable products you can trust.

Multi-Layered Security

We believe in a "defense in depth" approach, implementing multiple layers of security controls to protect your data from various threats. This isn't just about one firewall; it's a holistic system designed to anticipate, prevent, detect, and respond to security incidents. Our approach to cybersecurity includes:

  • Modern security architecture: we continuously improve our security by building a strong and scalable security architecture.

  • Protecting data: we safeguard data with access control, endpoint and identity protection, malware controls, encryption, network defense, protected backups and more.

  • Real-time 24/7 monitoring: we continuously monitor security in real-time to ensure rapid detection and response.

  • Verifying effectiveness: we verify our security posture through penetration testing, vulnerability scanning, application testing, phishing simulations and more.

  • Cyber resilience: we create, maintain and test recovery scenarios to build resilience.

  • Ensuring built-in security: we embed security in our development life-cycle and conduct application security testing to ensure security by design in our solutions.

Compliance and Certifications

We are dedicated to enhancing security by complying with regulatory obligations and security standards. This is achieved, in particular, by:

  • Adhering to best practices: we govern our security program by following the internationally recognized CIS Controls and ISO 27001 frameworks for security.

  • Continuous improvement: we run a comprehensive security program focused on the continuous improvement of security.

  • Maintaining and improving policies: we maintain and improve a set of security and privacy policies to ensure compliance with regulatory and other requirements.

  • Protecting personal data: we take special care to protect the personal data of our customers, their customers, our employees, and all others in compliance with privacy & GDPR regulations.

  • Certifications: we are ISAE 3402 certified for our security and ISAE 3000 for our privacy measures.

  • NIS 2 compliance: we introduced measures to fulfil our obligations resulting from the NIS2 regulation.

Supply Chain Security

We use only renowned service and software providers that ensure a high level of security. We closely monitor risk related to our suppliers and work on improvements.

  • Hosting security: we cooperate with renowned hosting providers in the Nordics and leading public cloud platforms to ensure that our IT infrastructure is located in secure locations with strong physical and environmental controls, runs on modern infrastructure, is monitored for security and availability, is highly available and redundant, and is security certified (SOC 2, ISAE 3402, ISO 27001).

  • Careful selection of providers: we carefully select our providers by performing security assessments and choosing those with certifications such as ISAE 3402, SOC 2, ISO 27001 or PCI DSS.

  • Third party monitoring: we closely monitor risk related to our suppliers and work on improvements. Important providers are monitored for security either through regular meetings or periodic security re-assessments.

  • Leading security solutions: for security purposes, we choose only leading world-class providers and tools that have proven to effectively combat cyber threats.

  • Contractual security: we ensure contractual security by defining security requirements that we verify or impose on our suppliers.

Comprehensive Cyber Resilience

We understand that while prevention is paramount, we need to be ready for difficult situations. Therefore, we maintain robust cyber resilience readiness focused on our ability to anticipate, withstand, recover from, and adapt to cyber incidents. This includes:

  • Detailed Incident Response Plans: Meticulously crafted and regularly updated plans outlining clear procedures for detection, containment, eradication, and post-incident analysis.

  • Business Continuity & Disaster Recovery: plans focused on continuity and recovery, such as redundant systems, failover capabilities, and geographically diverse, immutable backups, to ensure uninterrupted service delivery and rapid restoration of critical operations.

  • Regular Drills and Tabletop Exercises: We conduct realistic simulations of various attack scenarios to validate our response plans, train our teams, and foster muscle memory for effective incident management.

  • Post-Incident Learning & Adaptation: Every incident, regardless of its scale, serves as a critical learning opportunity. We conduct thorough post-incident reviews to identify root causes, enhance our controls, and adapt our security posture to prevent recurrence.