We place security and data at the core of all of our tools. We are committed to ensuring secure and safe management across our organisation, from operations management, through to product development and service delivery.
Our robust security framework includes technical safeguards and principles, meaning we keep adherence standards high!
For quality control, independent experts regularly audit our platform, services and practices.
Our Information Security Management System (ISMS) is ISO 27001 certified. We are fully GDPR compliant.
We exclusively use highly reliable, ISO 27001-certified data centre providers.
Your data is critical information and we take it seriously. Here’s how we keep information fundamentally secure at Granite.
We encrypt data when it’s stored and when it’s moving between systems. Following industry best practices, this covers data “at rest” and data “in transit”, for the best encryption you can get.
We customise what data is available to whom, based on what your business needs. So you can ensure data is safe and responsibly managed.
Our platform supports SAML 2.0 technology for Single Sign-On (SSO). One centralised and authenticated login adds efficiency and safety to the process.
Our cloud architecture is based on a restricted and secure private cloud environment. The Granite platform operates on Equinix’s ISO/IEC 27001-certified private cloud infrastructure. All servers and data are located in Finland. Customer data is stored in dedicated databases specific to each customer.
Secure, modern, and well-documented RESTful APIs enable integration between customer or partner systems.
Your security framework relies on excellent continuity planning and incident management.
Maintaining operations and delivery of secure, reliable services is crucial for success. Our service helps you achieve that continuity.
We will let you know if anything happens that impacts your service, and we can back it up with comprehensive reports if you need them.
Granite’s employees are fully briefed on how to deal with minor deviations or potential security breaches. They will promptly identify, document and report them to our security team. We then assess whether this is an opportunity for improvement for the future.
Our server and data centre providers continuously monitor incoming and outgoing data traffic. Any detected anomalies are promptly reported, investigated, and addressed accordingly.
The digital landscape is ever-changing and so are its threats. We stay one step ahead, to assess and lower your risks.
Vulnerability scanning is an essential part of Granite’s software development process. We employ multiple automated scanning tools and conduct analyses to identify OWASP vulnerabilities and other code defects. Additionally, we perform comprehensive automated testing across the Granite platform. Identified vulnerabilities are managed through our vulnerability management process.
We bring in external security specialists once a year to conduct a comprehensive technical security assessment of our entire platform, for maximum peace of mind.
We take data privacy and compliance very seriously, following GDPR compliant practices at every step, ensuring our customers can confidently navigate.
Granite follows all the important privacy laws and regulations, including GDPR legislation. Customer data is handled confidentially and used solely for the provision of our services. Want more details? Ask us for our data processing documentation.
Everyone who works for us has gone through a security clearance process, and signed confidentiality agreements committing to data privacy at every step.
All of our staff complete yearly cybersecurity and data privacy training, to constantly upskill and keep up to date with the latest guidelines.
We enforce strict permission-based access to data. Our team can only access customer information to provide support or assistance to customers, nothing more.
Our certified ISMS covers all of Granite’s operations and processes, meaning every part of service delivery complies with ISO/IEC 27001:2022.
Data protection and security are at the heart of our service. We use secure coding principles with strict control measures at every step of product development.
Granite’s risk management policy actively looks for risks and opportunities, helping us to achieve long-term success. We aim for our operations to achieve sustainable development and longevity.
Efficient and secure information management is everything to us at Granite. ISO 27001 compliance is supported throughout the entire operation.
Disruptions can happen. We constantly look ahead at potential problems, with robust and practical plans to reduce or remove their impact. Our continuity plan is all about ensuring a smooth service, even when faced with challenges.
We are fully committed to transparency in all aspects of our handling of data. Only essential data is used, only when absolutely needed, and only by the people that need it to service our customers. Nothing else. Plus we are fully EU GDPR compliant.