Information security and data protection are at the core of Granite’s operations, from operations management, service production and product development to, above all, what our personnel do.
We follow comprehensive technical and organisational principles and measures to ensure that data protection and information security are implemented.
Our operations and their security practices, as well as the Granite platform and services, are regularly audited by external experts.
Our information security management system is ISO 27001 certified. Our data protection policy is based on the requirements of the EU General Data Protection Regulation (GDPR).
For data centre services, we use only the most reliable ISO 27001-certified parties.
The Granite system encrypts all data passing between the end users of the tools and your data. All customer data is encrypted at rest and in transit using common industry standards, tools and best practices in all our work.
Granite’s access and data management rights are tailored to the customer’s process and business needs.
The Granite system supports the use of SAML 2.0 technology for single sign-on (SSO). Central authentication and management support the comprehensive deployment of the tools and the achievement of the customer’s goals on the Granite platform and tools.
The Granite system is built on the ISO 27001-certified private cloud platform of Equinix Finland Oy. The servers and data are located in Finland.
Granite’s entire system infrastructure is built behind firewalls. The architecture of our solution is based on three tiers (client, application and data). Internal and external access to the data is more limited the closer we get to where the data is stored.
It is possible to create customer and partner interfaces to the Granite system and tools through the secure RESTful API.
Granite complies with all applicable data protection laws, such as the GDPR. Customer data on the Granite platform is treated as confidential and never sold. For more information about our platform’s privacy settings and how your data is processed, please refer to our data processing policy.
Granite’s recruitment is conditional on a background check carried out by the authorities. In addition, all Granite employees sign a written non-disclosure agreement that requires them to keep customer information confidential.
Completing annual online training in security and data protection is mandatory for all Granite employees.
Access to our customers’ information and data is strictly restricted with user rights. Granite employees can use customer data or environments only for customer work and to enable and support customer use. Our subcontractors do not have access to customer data.
Our Information Security Management System (ISMS) covers all Granite operations and service production. The management system is certified in accordance with ISO/IEC 27001:2013.
Data protection and information security are the starting points of our service production. We adhere to the principles of secure programming at all stages of product development and take care of the implementation of data protection with diverse controls.
The risk management policy covers the risks and opportunities related to our business. Risk management ensures the development and continuity of long-term business operations.
One of the basic requirements of our business is smooth and functional information management. The information security policy supports the implementation of secure data management and compliance with the ISO 27001 requirements at all levels of the company.
We are fully prepared for disruptive situations related to our business and service production, and for managing them. The continuity plan describes the principles in this regard on a practical level.