Security
Our development process is guided by a "security-first" mindset, incorporating foundational principles of modern cybersecurity.
Privacy by Design
Identum's core development philosophy is Privacy by Design. This means that privacy and data protection are embedded into the design and architecture of our systems from the outset, not added as an afterthought. We adhere to the seven foundational principles:
Proactive not Reactive; Preventative not Remedial: We anticipate and prevent privacy-invasive events before they happen.
Privacy as the Default Setting: User data is protected automatically; no user action is required to secure their privacy.
Privacy Embedded into Design: Privacy is an essential component of the core functionality.
Full Functionality (Positive-Sum, not Zero-Sum): We avoid false dichotomies, such as privacy vs. security, proving it is possible to have both.
End-to-End Security (Full Lifecycle Protection): Data is securely protected from collection to destruction.
Visibility and Transparency: We maintain open communication about our processes and are subject to independent verification.
Respect for User Privacy (User-Centric): We place the interests of the individual first by offering strong privacy defaults and user-friendly controls.
Zero Trust Architecture
We operate on a Zero Trust security model. This model assumes that no user or device should be trusted by default, regardless of whether they are inside or outside the network perimeter. Every access request is strictly verified and continuously authorized.
Identity Verification: All access requests require strong authentication, typically using Multi-Factor Authentication (MFA).
Principle of Least Privilege: Users are granted the minimum level of access required to perform their tasks. Permissions are granular, dynamic, and based on need.
Continuous Monitoring: All system activity is monitored and analyzed to detect and respond to suspicious behavior or unusual access patterns.
Data Protection: Data is protected through encryption, both in transit and at rest, with access strictly controlled based on necessity.
Data Minimization
In line with GDPR, we practice data minimization. We only collect, process, and store the personal data that is strictly necessary for a legitimate purpose.
Limited Collection: We only import data required for specific functions. For example, salary data is not imported by default.
Limited Retention: Data is stored only as long as there is an operational or legal need. Deactivated users are retained for a default of 365 days, a period that can be customized by the customer.
Anonymization and Aggregation: Whenever possible, data is aggregated or anonymized to prevent individual identification.
Purpose Limitation: Data is only used for the clear and transparent purposes for which it was collected.
Pseudonymization: Where identifiable data is necessary, we use data aliases to protect user identities and reduce the impact of potential data breaches.
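As an added illustration, not Identum's own code, the following Python module shows how the data-minimization practices above can be enforced at import time: a field allow-list that leaves salary out by default, a keyed alias for pseudonymization, and a retention check with the 365-day default that a customer can override. The field names, the HMAC-based alias scheme and the sample record are assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumed field allow-list: only what specific functions need. Salary exists in
# the source export but is deliberately absent here, so it is never imported
# unless a customer explicitly adds it.
DEFAULT_IMPORT_FIELDS = frozenset(
    {"employee_id", "name", "email", "department", "status", "deactivated_on"}
)
DEFAULT_RETENTION_DAYS = 365  # default retention for deactivated users

# Constructed sample export from an HR source system (not real data).
SAMPLE_EXPORT = {
    "employee_id": "E-1042", "name": "Kari Nordmann", "email": "kari@example.com",
    "department": "Finance", "salary": 650000,
    "status": "deactivated", "deactivated_on": "2024-01-01",
}


def minimize_record(record, allowed_fields=DEFAULT_IMPORT_FIELDS):
    """Limited collection: drop every field not on the allow-list."""
    return {k: v for k, v in record.items() if k in allowed_fields}


def pseudonymize(identifier, alias_key):
    """Pseudonymization: a keyed alias (HMAC-SHA256) instead of a plain hash,
    so an alias cannot be matched against guessed identifiers without the key."""
    digest = hmac.new(alias_key, identifier.encode("utf-8"), hashlib.sha256)
    return "alias-" + digest.hexdigest()[:16]


def import_user(record, alias_key, allowed_fields=DEFAULT_IMPORT_FIELDS):
    """Minimize the record, then replace the direct identifier with an alias."""
    minimized = minimize_record(record, allowed_fields)
    minimized["employee_id"] = pseudonymize(minimized["employee_id"], alias_key)
    return minimized


def is_past_retention(record, today, retention_days=DEFAULT_RETENTION_DAYS):
    """Limited retention: a deactivated user is due for deletion once the
    (customer-configurable) retention period has fully elapsed."""
    if record.get("status") != "deactivated":
        return False
    deactivated_on = date.fromisoformat(record["deactivated_on"])
    return today - deactivated_on > timedelta(days=retention_days)
```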