Skip to main content

Information Security Statement

Written by Estera

Our Commitment

We are committed to protecting the confidentiality, integrity, and availability of the information we process and the services we provide.

Our Information Security Management System (ISMS) is certified to ISO/IEC 27001, demonstrating our commitment to maintaining effective and internationally recognised security practices.

This statement applies to all systems, services, employees, and third parties involved in the delivery and support of our SaaS platform.

Security Principles

Confidentiality

We safeguard information against unauthorised access and disclosure.

Integrity

We protect information from unauthorised modification and ensure its accuracy and reliability.

Availability

We design and operate our systems to ensure information is accessible to authorised users when needed.

Risk Management

Information security risks are identified, assessed, and managed in line with our ISMS to ensure appropriate controls are in place.

Key Practices

Access Control

Access to systems and data is granted based on role and legitimate business need, following the principle of least privilege.

Data Protection

We handle personal and business-critical data in compliance with GDPR and all applicable data protection regulations.

Device Security

Company-issued devices are configured with approved security controls, including encryption and endpoint protection.

Network Security

Secure communication protocols (such as TLS) and controlled remote access mechanisms are used to protect data in transit.

Incident Management

Security incidents are managed through a defined process, including escalation, investigation, and customer notification where required.

Training & Awareness

All employees receive regular information security training to ensure awareness of their responsibilities.

Third-Party Management

Suppliers and partners are assessed and expected to maintain security standards appropriate to the services they provide.

Responsibilities

All employees are responsible for following company security policies and reporting suspected incidents or weaknesses.

Management ensures appropriate resources, oversight, and governance are in place to support and maintain the ISMS.

Continuous Improvement

We conduct regular internal reviews and independent external audits to ensure ongoing effectiveness of our ISMS.

Security objectives are reviewed at least annually as part of management review, and controls are continually improved to respond to evolving risks and threats.

Did this answer your question?