Security at Centra

We use industry-standard encryption protocols to protect customer data both at rest and in transit. Data is stored in secure, ISO-certified data centers with robust physical and technical safeguards. Access to data is tightly controlled using role-based access permissions and multi-factor authentication (MFA).

Yes, we comply with globally recognized standards and regulations, including ISO 27001 and GDPR, ensuring your data is handled securely and in compliance with privacy regulations. Regular audits of the Information Security Management System are performed by TUV Nord, as a notified body, to maintain our ISO 27001 certification. We also fulfill requirements defined in the GDPR regulation.

We enforce strong access controls, including support for multi-factor authentication (MFA) and single sign-on (SSO) to protect accounts from unauthorized access. All access requests are logged and monitored for anomalies. Permissions are granted using the principle of least privilege, ensuring users only access what they need.

All data in transit is encrypted using TLS 1.2 or higher to prevent interception during communication. Data at rest is encrypted using e.g. AES-256 or other secure encryption standards recommended by NIST. This ensures that even in the unlikely event of unauthorized access, your data remains secured.

We have a structured incident response plan in place, including immediate containment, root cause analysis, and resolution. Affected customers are notified within a maximum 36 hours of discovering any privacy breach, as required by GDPR. Our incident response team conducts post-incident reviews to implement measures that prevent recurrence.

Every hour (Recovery Point Objective=1h) we perform backups of the Centra platform and store them securely in geographically redundant locations. Our disaster recovery plan ensures minimal downtime, with a recovery time objective (RTO) of under 24 hours. Regular backup restoration tests are conducted to validate the effectiveness of our recovery processes.

Yes, we conduct routine vulnerability scans of Software Bill of Materials (SBOM) and regular penetration tests to identify and mitigate security risks. Independent security firms are engaged to validate our systems against the latest threats. Findings are promptly addressed, and customers are informed of any updates that enhance security.

Our data centers are located in ISO 27001-certified facilities within the European Economic Area (EEA) and comply with GDPR requirements. These facilities have 24/7 monitoring, biometric access controls, and redundant power systems to ensure physical and operational security. We provide data residency options for specific regulatory needs.

While we secure the Centra platform, customers are responsible for managing the frontend component, user access, creating strong passwords, and maintaining endpoint security. We recommend enabling multi-factor authentication and single sign-on and limiting administrative privileges to essential personnel. Following our security best practices ensures the highest level of protection.