Information security and data protection are at the core of Granite’s operations, from operations management, service production, product development and, above all, what the personnel do.
We follow comprehensive technical and organisational principles and measures to ensure that data protection and information security are implemented.
Our operations, as well as the Granite platform and services, and the security practices of our operations, are regularly audited by external experts.
Our information security management system is ISO 27001 certified. Our data protection policy is based on the requirements of the EU General Data Protection Regulation (GDPR).
As data centre service providers, we only use the most reliable ISO 27001-certified parties.
Granite complies with all applicable data protection laws, such as the GDPR. Customer data on the Granite platform is treated as confidential and never sold. For more information about our platform’s privacy settings and how your data is processed, please refer to our data processing policy.
Granite’s recruitment is conditional on a background check carried out by the authorities. In addition, all Granite employees sign a written non-disclosure agreement that requires them to keep customer information confidential.
Annual completed online training in security and data protection is mandatory for all Granite employees.
Access to our customers’ information and data is strictly restricted with user rights. Granite employees can use only customer data or environments for customer work and to enable and support customer use. Our subcontractors do not have access to customer data.
Our Information Security Management System (ISMS) covers all Granite operations and service production. The management system is certified in accordance with ISO/IEC 27001:2013.
Data protection and information security are the starting points of our service production. We adhere to the principles of secure programming at all stages of product development and take care of the implementation of data protection with diverse controls.
The risk management policy covers the risks and opportunities related to our business. Risk management ensures the development and continuity of long-term business operations.
One of the basic requirements of our business is smooth and functional information management. The information security policy supports the implementation of secure data management and compliance with the ISO 27001 requirements at all levels of the company.
We are fully prepared for disruptive situations related to our business and service production and their management. The continuity plan describes the principles in this regard on a practical level.