Our Commitment
At Signify, we prioritize safeguarding the confidentiality, integrity, and availability of our customers’ data. We have adopted a security-first approach to our infrastructure, policies, and operations to ensure that your information remains private and protected at all times. Your trust is central to our business, and we do not sell or share your data with third parties without your explicit consent.
Certifications and Trust
Signify is committed to aligning with internationally recognized information security standards. We maintain strict internal controls and continuously monitor compliance to mitigate risks relating to security, availability, and confidentiality. We also undergo independent reviews and audits to demonstrate transparency in our security practices.
Infrastructure Security
Our services and customer data are hosted on leading cloud infrastructure providers that are globally recognized for robust security practices and compliance certifications, including ISO 27001, ISO 27017, and SOC 1, 2, and 3. These providers offer state-of-the-art physical and digital safeguards to ensure a secure and reliable hosting environment.
Encryption
All data transferred between users and Signify is encrypted in transit using Transport Layer Security (TLS 1.2 or higher). At rest, sensitive data is protected with AES-256 encryption. Certificates are obtained from trusted providers to ensure secure connections at all times.
Logging and Monitoring
We use enterprise-grade logging and monitoring systems to track operations across our infrastructure and applications. Logs are securely maintained for forensic analysis, performance monitoring, and incident investigations. We monitor system performance, privileged access, and potential misconfigurations in real time to quickly detect and remediate anomalies.
Backups and Business Continuity
Data backups are conducted daily, encrypted, and securely stored. Backup systems are tested regularly to ensure integrity and recoverability, supporting business continuity in the event of an incident or disaster.
Governance and Access Management
Signify enforces a zero-trust security model across its systems. Access to sensitive data and systems is strictly controlled through multi-factor authentication (MFA), strong password enforcement, and role-based access controls (RBAC). Only authorized employees with a defined business need can access customer data.
Policies, Training, and Device Management
We have developed comprehensive information security policies that guide employee behavior and ensure consistent security practices. All staff members complete mandatory security awareness training at least once a year. In addition, all company-issued devices are centrally monitored, secured, and managed to reduce endpoint risks.
Vendor and Third-Party Risk Management
Before engaging with any vendor, Signify conducts thorough due diligence to ensure they meet our security and compliance standards. We hold all third-party partners to the same security requirements that govern our own operations.
Compliance and Privacy
Signify is committed to complying with all applicable data protection regulations, including the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act (implementing GDPR in Norway), and other relevant privacy requirements. We ensure that all processing of personal data aligns with the laws of the Kingdom of Norway.
Contacting Us
If you have any questions about our security practices or wish to report a concern, please contact us at info@signify.in. We take all reports seriously and will respond promptly to legitimate inquiries.
Last updated: 24 September 2025