Back to Legal Overview

Markular Information Security (MIS)

Last updated: January 9, 2025

This document outlines Markular’s commitment to information security and the measures we take to protect our customers’ data.

1. Security Framework

1.1. Our security framework is built on industry best practices and standards, including:

  • ISO 27001 principles
  • NIST Cybersecurity Framework
  • GDPR requirements
  • Norwegian security regulations

2. Organizational Security

2.1. Security Team:

  • Dedicated security personnel
  • Regular security training for all employees
  • Clear security roles and responsibilities
  • Incident response team

2.2. Policies and Procedures:

  • Comprehensive security policies
  • Regular policy reviews and updates
  • Employee security awareness program
  • Background checks for employees

3. Infrastructure Security

3.1. Cloud Security:

  • Enterprise-grade cloud infrastructure
  • Regular security assessments
  • Redundant systems and backups
  • Geographic distribution of data centers

3.2. Network Security:

  • Multi-layer firewall protection
  • Network segregation
  • Intrusion detection and prevention
  • Regular vulnerability scanning
  • 24/7 network monitoring

4. Application Security

4.1. Development Security:

  • Secure development lifecycle (SDLC)
  • Regular security testing
  • Code review processes
  • Automated security scanning

4.2. Access Control:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA)
  • Strong password policies
  • Regular access reviews

5. Data Security

5.1. Data Protection:

  • Encryption at rest and in transit
  • Data classification system
  • Data retention policies
  • Secure data disposal procedures

5.2. Backup and Recovery:

  • Regular automated backups
  • Encrypted backup storage
  • Tested recovery procedures
  • Geographic redundancy

6. Compliance and Certifications

6.1. Compliance:

  • GDPR compliance
  • ISO 27001 alignment
  • Regular compliance audits
  • Industry-specific regulations

7. Incident Management

7.1. Response Procedures:

  • Documented incident response plan
  • Regular incident response drills
  • Post-incident analysis
  • Customer notification procedures

8. Business Continuity

8.1. Continuity Planning:

  • Business continuity plan
  • Disaster recovery procedures
  • Regular testing and updates
  • Recovery time objectives (RTO)
  • Recovery point objectives (RPO)

9. Third-Party Security

9.1. Vendor Management:

  • Vendor security assessments
  • Regular security reviews
  • Contractual security requirements
  • Monitoring of vendor compliance

10. Physical Security

10.1. Facility Security:

  • Access control systems
  • Environmental controls
  • Security personnel

11. Monitoring and Logging

11.1. Security Monitoring:

  • 24/7 security monitoring
  • Log management system
  • Security information and event management (SIEM)
  • Regular security reports

For questions about our security measures, please contact security@markular.com.