Trust is paramount at Netigate. The Trust Center serves as a central, public resource to answer questions about our security, privacy, and compliance practices. It provides easy access to verified information about how we protect customer data, comply with regulations, and maintain transparency. The page is designed to address 90% of all common customer queries, allowing clients, partners, and auditors to verify our commitments at any time.
Keeping Customer data safe is and has always been central to everything we do at Netigate. The following is an overview of how we protect our Customers’ (Customer) data from unauthorised access, use, modification, or destruction. It also summarises how we continuously work to improve our products, processes, architecture and infrastructure to meet industry standards, legal regulations (incl. GDPR) and security best practices.
If you are conducting a data security and privacy assessment of Netigate or a privacy audit, the information here has been written with you specifically in mind. The content below includes answers to the most common security, privacy and technical queries – and it is intended to be your trusted primary source for answers.
Currently, this content is only available in English. If you require more information or have questions concerning it or anything else, please contact your nearest Netigate Account Executive.
The content below has been provided by Netigate’s Trust Team – a group consisting of our Chief Technology Officer, Group DPO, Head of Legal, Netigate Architects and Managers.
Due to privacy best practices, legislation and data security constantly evolving, our Trust Team will continuously update this content – so be sure to bookmark this page and check it often for the very latest info.
Netigate complies with the EU General Data Protection Regulation (GDPR) and applicable European privacy laws. Personal data is processed within the European Union, and our data centers are located in secure, EU-based environments. We act as a data processor for our customers and have implemented clear contractual and organizational measures to safeguard data privacy.
Key privacy principles include purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. Customers can review and sign our standard Data Processing Agreement (DPA), which details the roles and responsibilities of both parties. The agreement also lists all approved sub-processors used to provide our services.
For privacy-related questions, customers may contact Netigate’s Data Protection Officer (DPO) via our contact form or by emailing dpo@netigate.net.
Netigate is not regulated under DORA or considered a critical third-party provider but recognizes our regulated customers’ responsibility to ensure suppliers uphold data management and security standards.
Netigate is certified under ISO 27001, thus ensuring a systematic, risk-driven and audited approach to information security and handling of our customers’ sensitive data. Netigate reinforces DORA focus controls by focusing on:
Netigate is not directly regulated under the NIS2 Directive or classified as an essential entity but recognizes that its regulated customers must ensure their suppliers maintain strong data protection, cybersecurity, and resilience standards.
Netigate is certified under ISO/IEC 27001:2022, thus ensuring a systematic, risk-driven, and audited approach to information security and handling of our customers’ sensitive data. Netigate reinforces NIS2’s principles of preparedness, response, and accountability by emphasizing:
Netigate’s platform is built on secure, scalable, and redundant European cloud infrastructure. Our main cloud provider is Azure (EU). All services are monitored for availability, vulnerability and compliance, and the architecture follows cloud-native principles with microservices, API gateways, and modern security frameworks such as Zero Trust and RBAC.
Security is built into our software development lifecycle, including code review, automated testing, vulnerability scanning, and external penetration testing. We maintain strict segregation between environments (development, staging, and production) to ensure data integrity and minimize risk.
Netigate is certified according to ISO/IEC 27001:2022, which covers our entire information security management system. This certification is audited annually by an accredited external auditor.
Netigate AB ISO 27001 Certificate
Netigate complies with WCAG 2.1 and has plans for implementing compliance for WCAG 2.2 during 2026.
For legal and regulatory information please see Legal
Netigate applies responsible AI principles when offering AI-driven insights and automation features. We do not use customer data to train AI models and all AI functionality is hosted within the EU on Microsoft Azure.
Netigate has conducted a preliminary classification assessment and determined that our AI-enabled features do not constitute high-risk AI systems under the EU AI Act. We are classified as an AI system provider and are implementing compliance measures in advance of the August 2, 2026 deadline.
Our compliance program includes formal risk assessment documentation, technical documentation per Article 11, transparency obligations under Article 50, and integration of AI governance into our ISO/IEC 27001:2022 certified Information Security Management System. We continuously monitor guidance from the European AI Office and update our compliance approach accordingly.
To learn more about how we offer AI capabilities in some of our Netigate products, visit our Responsible AI subpage.
To learn more about how we protect customer data and information when using AI and generative technologies, check out our customer data usage policy.
Netigate’s Information Security Management System (ISMS) is certified under ISO/IEC 27001:2022. Our ISMS covers all online services and supporting processes across all Netigate entities, ensuring a risk-driven, continuously improving approach to information security.
| Controls | Descriptions |
|---|---|
| Organizational Controls | Netigate’s Information Security Policy defines governance, roles, and accountability. The CEO is accountable for information security, and the CISO is responsible for maintaining and improving the ISMS. All employees and contractors share responsibility for following security controls and procedures across systems and operations. |
| People Controls | All employees and consultants complete structured onboarding that includes security training and confidentiality agreements. Security awareness programs are mandatory and continuously updated to address evolving threats such as phishing, malware, and social engineering. Access and privileges are removed immediately at offboarding through a centralized IAM process and continuously adjusted as roles change. |
| Physical and Environmental Security | Access to Netigate offices is limited to authorized personnel using key cards and PINs. Visitor access is restricted and monitored. No infrastructure of Netigate services is hosted in Netigate offices. Netigate uses hosting providers that offer defense-in-depth physical security, including but not limited to perimeter barriers, controlled entrances, mantraps/secured entry points, 24/7 on-site security personnel and CCTV. Access to the datacenter interior is strictly limited to authorized and pre-approved personnel, with visitor pre-announcement and escort requirements. |
| Access Control for Internal Systems | Netigate enforces identity and access management through Azure Active Directory and Entra ID. Multi-factor authentication (MFA) is required for privileged and administrative accounts. Role-based access control (RBAC) ensures that employees only access data relevant to their duties. Access rights are reviewed semi-annually and revoked immediately when no longer required. |
| Cryptography and Communication Security | Data in transit is encrypted using TLS 1.2+ and data at rest is encrypted using AES-256. Cryptographic keys are stored and rotated securely using Azure Key Vaults. TLS certificates are automatically renewed and validated to maintain secure communications. |
| Operations Security | Operational security ensures that Netigate systems, networks, and applications are operated securely and resiliently. |
| Threat Intelligence | Netigate continuously monitors and analyzes security threats to anticipate and mitigate potential risks. We collect intelligence from trusted global and regional sources and evaluate it to improve awareness and preparedness. |
| Protection Against Malware | Automated scanning and continuous monitoring protect endpoints, servers, and network environments. Netigate employs centrally managed antivirus systems across Windows and Linux servers, updated automatically. Detected incidents generate tickets and are handled according to documented response procedures. |
| Vulnerability Management | Vulnerabilities are identified through automated scans, penetration tests, and continuous monitoring. Each finding is classified and prioritized based on impact and likelihood to ensure timely remediation. |
| Configuration and Change Management | Netigate maintains secure baseline configurations across systems and uses Infrastructure-as-Code templates (Terraform, Helm) to deploy consistent and reviewed configurations. All changes are logged, reviewed, and reversible to prevent misconfigurations. |
| Data Loss Prevention | Data transfers and email forwarding rules are continuously monitored. Alerts trigger when large data transfers or suspicious forwarding rules are detected. Global administrators review alerts in Microsoft Security Portal to ensure compliance and prevent unauthorized disclosures. |
| Logging and Monitoring | Comprehensive logging ensures traceability and supports incident investigation. Logs from applications, servers, and infrastructure are collected, protected, and analyzed regularly. All logs are stored on Azure EU. Automated alerts classify log events by severity (High, Medium, Low) and notify appropriate teams. High-severity alerts escalate to the CTO immediately for resolution. |
| Business Continuity, Backups and Recovery | Business continuity plans are tested and updated regularly. Backups, failover mechanisms, and cloud redundancies ensure critical services remain operational even during disruptions. Netigate performs daily and weekly backups of systems, databases, and configurations, stored redundantly in secure EU data centers. Backups are encrypted, access-controlled, and verified through scheduled restore tests to confirm data integrity and recovery. |
| Supplier and Relationship Management | All critical suppliers are evaluated for security and compliance performance. Regular reviews verify adherence to Netigate’s contractual and technical requirements, including certifications and incident handling capabilities. |
| Incident Management | Security incidents are reported immediately via internal service channels and handled under defined escalation paths. All incidents are analyzed for root cause and corrective actions are tracked through the ISMS. |
Netigate’s Information Security Management System (ISMS) is certified under ISO/IEC 27001:2022. Our ISMS covers all online services and supporting processes across all Netigate entities, ensuring a risk-driven, continuously improving approach to information security.
| Policy | Information |
|---|---|
| Information Security User Policy | All staff (employees and consultants) are trained on our policies during on-boarding. This policy includes several components which help staff know how to safely handle and process data, PII and sensitive PII. Netigate guides its staff on how to safely and securely use our systems, networks, and devices. This is enforced by continuous training of all staff. |
| Remote Work Policy | We have specific guidelines on how to securely work at home or while traveling. This enables our colleagues to, securely, do their best work – either Onsite or Offsite – without sacrificing any of our security or privacy controls. |
| Incident Management Policy | Netigate has well-established processes for responding to production and data security incidents using industry best practices for escalation, communication and ensuring that regulatory obligations are met. In case of a data breach, Netigate will immediately notify and support the data controller in accordance with our GDPR obligations and as further set forth in the DPA we have with every Customer and supplier who processes data. |
| Additional Confidentiality Obligation | All our employees and consultants are bound to secrecy by a separate agreement. This is to ensure that all our Customer information is processed with appropriate discretion. |
Netigate utilises market-leading sub-processors who are located in the EU, although they may have an ultimate parent company outside the EU. Netigate has contractually agreed with such sub-processors to store data within the EU. In case of third-country transfers, if an adequacy decision is not in place for the destination country, then either the latest standard contractual clauses (SCCs) published by the EU Commission or binding corporate rules are utilised. Where necessary, we work closely with our external GDPR counsel to conduct transfer impact assessments to document the likelihood and risk of such transfers.
All Netigate’s current sub-processors conduct their data processing either:
Your privacy is important to us, and we want you as a survey respondent to feel secure when answering our surveys. Therefore, the following part of our Privacy Policy concerns you as a respondent and the information collected by Netigate. Any personal information provided by you in responding to questions is regarded as voluntarily submitted and will be stored according to local legislation.
The information collected can be divided into the following categories:
In the case that you are answering a survey distributed through a generic, non-personal link, then no information is registered automatically that can be linked to you as a respondent. The survey page does not use cookies for the respondents other than in one particular survey distribution setting of one response per person.
In order to prevent and mitigate security threats, Netigate logs the IP address from which the survey was completed in web firewalls but not at the application level, and it can never be associated with other personal information of the respondent. The storage period of IP addresses is currently 7 days. The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR. Our interest is to ensure the integrity, confidentiality and availability of the data processed on the web servers.
No personal information will be shared with a third party unless specifically stated in the survey or with your specific consent. If required by law, personal information may be submitted to local authorities upon request. Read more in our Privacy Policy.
To learn more about how, when and under what legal grounds Netigate processes your data if you visit our website, if you are a survey respondent, or if we contact you for marketing, promotional or recruitment purposes, please read our Privacy Policy.
To learn more about how and when Netigate’s website uses cookies – and exactly which ones – please read our Cookie Policy.
Need more information or a copy of a document, e.g. ISO Statement of Applicability, ISO certificate, Transfer Impact Assessment, etc.?
If you’re already a Netigate Customer, simply reach out to your Account Executive asking for a copy.
If you are not yet a Netigate Customer but may be interested in becoming one, we are happy to provide these documents after your company has signed our standard NDA.
Please contact us at dpo@netigate.net for assistance.