# EU Trust Service Provider
Signicat is a Qualified Trust Service Provider in different geographical areas. As a Qualified Trust Service Provider, Signicat is one of a select few companies who can use the EU Trustmark and is part of the EU Trust List.
# Software as a Service
All Signicat services are delivered as Software as a Service (SaaS). Using Signicat services will benefit the customers as strict requirements will be implemented for all Signicat customers. Signicat have a great number of customers with high security requirements in regulated industries. This means that making these services secure is a primary concern for us, and it makes us focus on security in the development and operations of the services. We believe that we have good security, and are continuously improving the management system and control implementation.
# Information security management
Signicat organises its security work by implementing a Information Security Management System (ISMS) following and certified in line with the ISO/IEC 27001:2013 standard. We have a dedicated Security and Quality organisation lead by Signicat's CISO. The CISO leads and are part of Signicat's Information Security Board (ISB) which includes top-level management from different departments in Signicat. To ensure that the ISMS is performing and implemented in line with best practice we conduct an extensive audit program.
# Personal data and privacy
When processing personal data for the customers’ users, Signicat will act as a data processor according to European data protection law. Signicat offer a Data Processing Agreement (DPA) that are aligned with GDPR and performs an annual audit of its compliance of the DPA with a report which is available for customers.
# Operation Management Plan
Signicat uses the ITIL framework to ensure that we have good processes in place. These processes take security requirements into consideration and these requirements are baked into the processes. The most important ITIL processes in Signicat are listed below:
- Business Continuity Management
- Access Control Management
- Deployment Management
- Event Management
- Problem Management
- Request fulfillment
- Incident Management
- Key Management