Security & Compliance

Introduction

Security is a cornerstone of our business. We run a systematic information security program and build our operations on recognized frameworks. Below we describe the technical and organizational measures that protect your data.

Security Organization

Securapilot has clearly defined roles for security work:

Governing Documentation

• Information security policy
• Security plan for patching, monitoring and hardening
• Incident handling procedures
• Backup and recovery plan
• Business continuity planning (BCP/DR)

Monitoring and Incident Detection

Securapilot is monitored around the clock by a dedicated monitoring platform run separately from the production environment — with a different provider — so that a single outage cannot take down both the service and its monitoring at once.

• Continuous monitoring of system resources, response times and availability, with automatic alerts on anomalies.
• Centralized log aggregation from all systems, with 180 days of log history.
• SIEM (Security Information and Event Management) with real-time detection of intrusion attempts, file integrity monitoring of both system and application code, rootkit detection and correlation of security events.
• Audit trail of administrative actions and access, with 365 days of security event retention.

Vulnerability Management

• Continuous vulnerability monitoring of operating systems and packages against current vulnerability databases (NVD).
• Weekly automated scanning of all container images and application dependencies.
• Ongoing security configuration review against CIS benchmarks.
• Alerts are triggered immediately when critical vulnerabilities are detected.
• External penetration testing is performed annually.

Patch and Update Management

• Operating system security updates are installed automatically, daily.
• Major updates are rolled out in a structured, staged manner — first to a test environment, then to production after verification.
• A backup is always taken before every update of the production environment.

Backups and Business Continuity

We apply a multi-layered backup model:

• Daily, encrypted database backups stored geographically separate from production.
• Daily snapshots of the entire operating environment for fast recovery.
• Weekly restoration testing — backups are restored in an isolated environment and verified. A backup that has never been tested is not something we consider a backup.
• Retention: 14 daily, 8 weekly and 12 monthly recovery points.

Access and Network Security

• All administrative access takes place over an encrypted private network (WireGuard) — no administration interfaces are exposed to the internet.
• Least privilege — access is governed per role and service.
• Key-based authentication and encrypted communication (TLS) throughout.

Frameworks and Compliance

• ISO/IEC 27001:2022 — our information security program and controls follow the structure of the standard.
• NIS2 — our operations are aligned with the directive's requirements for continuous incident detection, monitoring and business continuity.
• GDPR — as a data processor for customer data, we fully comply with the regulation, with encryption, customer isolation and documented processes for data subject rights.
• SOC 2 Type II — audit planned during Q3–Q4 2026.

Service Status

Current uptime and service status are shown openly on our status page: status.securapilot.com.

Contact Us

For questions about Securapilot's security work, please contact:

Glossary