Back to Legal Overview

Markular Information Security (MIS)

Last updated: October 27, 2025

This document outlines Markular’s commitment to information security and the measures we take to protect our customers’ data.

1. Security Framework

1.1. Our security framework is built on industry best practices and standards, including:

  • ISO 27001 principles
  • NIST Cybersecurity Framework
  • GDPR requirements
  • Norwegian security regulations

2. Organizational Security

2.1. Security Team:

  • Dedicated security personnel
  • Regular security training for all employees
  • Clear security roles and responsibilities
  • Incident response team

2.2. Policies and Procedures:

  • Comprehensive security policies
  • Annual policy reviews and updates
  • Annual security awareness training for all employees
  • Background checks for employees with access to customer data

3. Infrastructure Security

3.1. Cloud Security:

  • Microsoft Azure cloud infrastructure
  • Security assessments conducted quarterly
  • Redundant systems with automated backups tested quarterly
  • Data centers in Europe

3.2. Network Security:

  • Multi-layer firewall protection
  • Network segregation
  • Intrusion detection and prevention
  • Regular vulnerability scanning
  • 24/7 network monitoring

4. Application Security

4.1. Development Security:

  • Secure development lifecycle (SDLC)
  • Security testing conducted during each release cycle
  • Mandatory code review processes
  • Automated security scanning with vulnerability remediation within 30 days of disclosure

4.2. Access Control:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) required for all administrative access
  • Strong password policies
  • Access reviews conducted quarterly

5. Data Security

5.1. Data Protection:

  • Encryption at rest and in transit
  • Data classification system
  • Data retention policies
  • Secure data disposal procedures

5.2. Backup and Recovery:

  • Regular automated backups
  • Encrypted backup storage
  • Tested recovery procedures
  • Geographic redundancy

6. Compliance and Certifications

6.1. Compliance:

  • GDPR compliance
  • Operations follow ISO 27001 principles
  • Industry-specific regulations as applicable

7. Incident Management

7.1. Response Procedures:

  • Documented incident response plan
  • Regular incident response drills
  • Post-incident analysis
  • Customer notification procedures

8. Business Continuity

8.1. Continuity Planning:

  • Business continuity plan
  • Disaster recovery procedures
  • Regular testing and updates
  • Recovery time objectives (RTO)
  • Recovery point objectives (RPO)

9. Third-Party Security

9.1. Vendor Management:

  • Vendor security assessments
  • Regular security reviews
  • Contractual security requirements
  • Monitoring of vendor compliance

10. Physical Security

10.1. Facility Security:

  • Access control systems
  • Environmental controls
  • Security personnel

11. Monitoring and Logging

11.1. Security Monitoring:

  • 24/7 security monitoring with alert response
  • Centralized log management system
  • Security reports generated monthly for internal review

For questions about our security measures, please contact security@markular.com.