Building Trust through Security and Compliance

Protecting Your Business While Enabling Transparency

For years, we have been dedicated to information security - including cybersecurity, Corporate Social Responsibility (CSR), and compliance. It is a core part of what we do as a professional software company and is key to building trust with our customers, partners, and stakeholders. We are always ready to answer questions, complete assessments, and meet regulatory requirements because transparency matters to us.

On this page, you will find quick links to our whitepaper, certifications, policies, and more - all designed to show our ongoing commitment to security, compliance, and sustainability. And if you have any questions, just let us know – we are here to help!

Configit’s Proactive Approach to Compliance and Cybersecurity

Security and compliance are incorporated into our processes, supported by risk-based governance and ongoing improvements to meet standards and regulatory, operational, and customer needs.

Compliance Standards at Configit

Security

We follow ISO 27001 and ISO 27017 industry standards for information security management and cloud security. Download our ISO Certification Package for access to ISO certificates, Statement of Applicability, and Audit Report.

Data Privacy

We ensure GDPR compliance for data protection and privacy. Access our Data Privacy Package.

Sustainability

We use CSR and ESG frameworks, follow UNGPs and OECD Guidelines, and participate in the Global Compact. Access our Sustainability Package.

Coming soon

Operational Resilience and Security Validation

Penetration Testing Reports

Access our recent penetration testing reports for transparency and assurance of our services by downloading the Penetration Test Package.

SaaS Disaster Recovery Guide

Find information about our disaster recovery practices for SaaS by downloading our SaaS Disaster Recovery Guide.

Coming soon

Security Policies

Find detailed descriptions of our security policies and procedures by downloading our Security Policies:

Global Staff Manual

Information Security Incident Policy

Information Security Risk Policy

Information Security Management System Policy

Secure Software Development Procedures

Acceptable Use Policy

Need More Information?

Reach out to our Security and Compliance team for expert assistance.

FAQs

Do you have a valid ISO 27001 certification, or assurance reports (ISAE3402-II/ISAE3000/SOC2-II) with equivalent coverage of controls?

Yes. We have held a valid ISO 27001 certification since 2020 and may add assurance reports in the future.

Are you registered with the Cloud Security Alliance (CSA) or any equivalent scheme?

Yes. While we are not registered with the CSA, we are certified under ISO 27001 and ISO 27017, which are internationally recognized standards for information security and cloud security controls.

How does Configit ensure contractual compliance?

The Customer and Configit enter into a Non-Disclosure Agreement (NDA), SaaS agreement and Data Processing Agreement (DPA).

Is there a mechanism for the customer to identify and authenticate the product/service?

Yes, via the customer's OpenID Connect (OIDC) provider integrated with our SaaS services.

How do you help customers achieve their own NIS2 compliance?

We are preparing for compliance with the EU NIS2 Directive, which significantly strengthens cybersecurity across the EU. Our preparedness strategy involves enhanced incident response with timely security alert notification, supply chain risk management, and governance - ensuring that our customers can rely on our services to help them achieve their own NIS2 compliance and maintain robust security and trust in their operations.

Have you integrated data privacy into your risk management process?

Yes. In 2025 we integrated security with compliance – including data privacy – and established a two-year objectives roadmap.

Is AI part of the software solution and are you able to answer questions regarding that?

We expect to introduce an AI-powered offering in early 2026, which will be available for a fee for SaaS customers.