Skip to main content
About Signicat

Security and Trust

Signicat delivers business critical services to its customers. These trusted services are delivered in line with regulatory and best practice requirements.

QTSP logo

Signicat is a Qualified Trust Service Provider

# EU Trust Service Provider

Signicat is a Qualified Trust Service Provider in different geographical areas. As a Qualified Trust Service Provider, Signicat is one of a select few companies who can use the EU Trustmark and is part of the EU Trust List

Read more about the different geographical areas here

# Software as a Service

All Signicat services are delivered as Software as a Service (SaaS). Using Signicat services will benefit the customers as strict requirements will be implemented for all Signicat customers. Signicat have a great number of customers with high security requirements in regulated industries. This means that making these services secure is a primary concern for us, and it makes us focus on security in the development and operations of the services. We believe that we have good security, and are continuously improving the management system and control implementation.

ISO 27001 logo

Signicat is ISO/IEC 27001 certified.

# Information security management

Signicat organises its security work by implementing a Information Security Management System (ISMS) following and certified in line with the ISO/IEC 27001:2013 standard. We have a dedicated Security and Quality organisation lead by Signicat's CISO. The CISO leads and are part of Signicat's Information Security Board (ISB) which includes top-level management from different departments in Signicat. To ensure that the ISMS is performing and implemented in line with best practice we conduct an extensive audit program.

View Signicat certifications

# Personal data and privacy

When processing personal data for the customers’ users, Signicat will act as a data processor according to European data protection law. Signicat offer a Data Processing Agreement (DPA) that are aligned with GDPR and performs an annual audit of its compliance of the DPA with a report which is available for customers.

Signicat secures personal data through strong logical and physical access controls. All personal data is encrypted in transport, as processed in line with the Signicat Privacy Policy.

# Operation Management Plan

Signicat uses the ITIL framework to ensure that we have good processes in place. These processes take security requirements into consideration and these requirements are baked into the processes. The most important ITIL processes in Signicat are listed below:

  • Business Continuity Management
  • Access Control Management
  • Deployment Management
  • Event Management
  • Problem Management
  • Request fulfillment
  • Incident Management
  • Key Management