Abisko Security Statement
Data Protection
At Abisko, we take the protection and security of your information seriously. We have implemented a robust set of controls and frameworks to ensure the confidentiality, integrity, and availability of data across our systems.
Security Policies
Abisko maintains formal, documented information security policies which are reviewed at least annually. These policies define standards for employee conduct, system usage, and risk mitigation. All employees are required to acknowledge these policies and undergo regular security awareness training, including role-specific guidance.
Security Controls
Security controls are continuously monitored through Vanta, our compliance automation platform. Vanta provides real-time alerts and automated evidence collection across infrastructure, endpoints, and identity systems to ensure that controls are operating effectively.
Dedicated Information Security Team
Abisko’s internal security responsibilities are managed across functional teams including Engineering, Operations, and Risk & Compliance. These teams oversee security strategy, internal controls, and incident response protocols.
Application Security
Abisko follows a structured software development lifecycle (SDLC) including secure coding practices, peer code reviews, and CI/CD pipeline controls. Changes are tracked via GitHub and tested through GitHub Actions before deployment to production. Development, test, and production environments are strictly separated.
Configuration/Change Management
All infrastructure and application changes follow a formal change control process. Changes are documented, tested, and approved through automated CI/CD workflows and version control systems before deployment. Separate environments ensure isolation of development activities from production systems.
Contingency Planning
Abisko’s disaster recovery and business continuity procedures include automated daily backups and annual recovery tests. Systems are deployed across multiple AWS and GCP availability zones for resilience. Recovery plans are well-documented and regularly updated.
Incident Response
Abisko has a formal incident response plan in place, including defined escalation paths, communications procedures, and post-incident reviews. The plan is tested annually and all incidents are logged, classified, and tracked through resolution.
Breach Notification
In the event of a security breach, Abisko commits to notifying affected users promptly in accordance with applicable laws and contractual obligations. Our protocols ensure transparency and support our partners in fulfilling their own reporting requirements.
Vulnerability Management
Abisko maintains an active vulnerability management process, including automated vulnerability scans and intrusion detection. Internal processes ensure continuous monitoring and mitigation of risk exposures.
Personnel Security
New hires undergo background checks and security training as part of the onboarding process. Employees are required to adhere to Abisko’s code of conduct and data use policies. Periodic reviews, ongoing training, and role-based access controls ensure ongoing compliance.
Data Encryption
Abisko encrypts all sensitive data both in transit and at rest. We use AES-256 encryption for data storage and TLS 1.2+ for secure communications.
Secure, Reliable Infrastructure
Abisko is hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP), both of which maintain industry-leading security controls including 24/7 surveillance and environmental safeguards.
Compliance and Certification
Abisko has successfully completed a SOC 2 Type 1 audit and is committed to ongoing compliance with the Trust Services Criteria for Security.