Data Storage

Digiplex at Ulven in Oslo is the country’s leader in secure, vendor-neutral hosting. They offer world-class facilities with very high security, climate control, and redundancy in both telecommunications and power.

Physical Security at the Data Center

• Access systems and advanced surveillance systems
• 360-degree high-security fence with physical access control
• Security managed from a purpose-built bunker staffed 24/7
• Data stored on servers at a facility certified according to: ISO 9001:2015, ISO 27001:2013, ISO 14001:2015, and OSHAS 18001:2007. For a full overview, click here: https://www.syse.no/hosting#section-hosting-driftsmiljo
  
  

Database

The database is built on open-source technologies MySQL and MongoDB. The encrypted database is mirrored to three separate locations to maintain redundancy.

Two-Factor Authentication

All users of the solution can activate two-factor authentication via SMS, ensuring that unauthorized individuals cannot access their accounts. 2FA is free and included in all setups.

SSO

Single Sign-On (SSO) is a feature that allows users to log into multiple applications and services with a single set of credentials (such as username and password). This means less hassle remembering different passwords for various services and reduces the risk of password reuse, a common security challenge.

In our portals, such as TransparencyGate and Mittvarsel, we have integrated SSO to enhance security and simplify user experience. By using trusted providers like Microsoft, Google, and LinkedIn, we ensure that access management is both secure and efficient. Users don’t need to remember and manage multiple passwords, reducing the likelihood of security breaches.

By enabling SSO at the portal level, we ensure that all users within an organization benefit from this security advantage without needing individual activation. This contributes to a more comprehensive security strategy and a user-friendly access process for everyone.

Measures Against Data Breaches

We take expected measures to secure against data breaches:

• Software maintenance
• Updating to the latest versions
• Encryption, obfuscation of sensitive information, and auto-generating passwords ensure that any data that might be leaked is of little use and only shows high-level information.
  
  

Backup, Rolling-Release, and Maintenance

Backup is performed at least hourly. Encrypted backups are stored in three separate locations. New functionality, system maintenance, and updates follow the rolling-release model. This means no downtime for systems when launching new features, changes, or updates. Changes are tracked in version control, and rollback is facilitated if needed.

API

We have an internal API for integration with third-party systems, such as archive systems. Our API is flexible and can securely retrieve and transmit the necessary information.

Privacy at Digitaliq

Protecting sensitive personal data is one of the most important things we facilitate in our solutions. All data is stored securely and in compliance with GDPR, and we encourage everyone to take IT security seriously. Read more about privacy here.

Encryption

All end-to-end communication is encrypted with industry-standard 256-bit SSL connection. Certificates are issued annually by Let’s Encrypt/Verisign.

Sensitive personal information is stored in our cloud solution and encrypted with AES-256.

ISO/IEC 27001:2022 Certification

Digitaliq AS is ISO/IEC 27001:2022 certified.

This means that our customers can have full confidence that their data is handled with the highest security and confidentiality. In a time when digital security is more important than ever, we want to assure our customers that we are committed to continuous improvement and compliance with international security standards.

ISO/IEC 27001:2022 is an internationally recognized standard for information security management systems (ISMS). It sets guidelines and requirements for how organizations should manage and protect their information resources. The main elements of this standard include:

• Risk Management: Organizations must systematically identify, assess, and treat information security risks.
• Security Controls: Implementing appropriate security measures to protect information from various threats. This can include technological solutions, procedures, policies, and employee training.
• Management Commitment: Management must show active support and commitment to the ISMS, including adequate resource allocation and establishing a security culture.
• Continuous Improvement: The standard requires organizations to continually monitor, review, and improve their ISMS to ensure it remains effective and relevant.
• Internal and External Audits: Regular audits to ensure compliance with the standard and identify areas for improvement.

SaaS solution Mittvarsel

Digitaliq AS offers artificial intelligence in Mittvarsel as an optional and modular feature, fully controlled by the customer. AI can support whistleblowing processes through text summarization, category suggestions, and language assistance – but all processing is subject to human oversight, and the use of AI is never mandatory.

Our solution is built on the principles of transparency, privacy, and customer control:

• Each customer has their own isolated AI instance – never shared across customers

• AI is not trained on whistleblowing cases or other customer data without explicit consent

• All AI suggestions are reviewed by the customer’s case handlers before further use

• No customer data is used to improve or train the model at Digitaliq or with any third party

• Sensitive information is stored securely in our cloud environment and encrypted with AES-256

Read the full policy here: AI Transparency and Privacy Policy for Mittvarsel

Improvements?

We always aim to improve and greatly appreciate feedback on how we can make our services more secure. Is something not working as expected or difficult to understand? Let us know through the contact form!