Policies
Cetbix is built on a foundation of clear, documented policies that govern how we protect your data, manage access, respond to incidents, and maintain service availability. This page provides summaries of our key security and privacy policies, giving you transparency into how we design and operate our platform in line with ISO 27001, GDPR, and other best‑practice standards. Each policy is regularly reviewed and updated to reflect evolving threats, technologies, and regulatory requirements.
Information Security Policy
Cetbix’s Information Security Policy establishes our commitment to protecting the confidentiality, integrity, and availability of customer data and platform services. This policy defines baseline security requirements, roles, and responsibilities across the organisation and underpins our ISO 27001‑aligned Information Security Management System (ISMS). It applies to all Cetbix products, internal systems, and third‑party relationships that process or access customer data.
Access Control Policy
Our Access Control Policy ensures that only authorised individuals and systems can access Cetbix platforms and customer data. Access is granted on a least‑privilege basis, reviewed regularly, and enforced through strong authentication, including multi‑factor authentication (MFA) for privileged accounts. Customer data is logically separated, and access is logged and monitored to detect and respond to suspicious activity.
Incident Response Policy
The Incident Response Policy defines how Cetbix detects, assesses, contains, and recovers from security incidents that may affect our platform or customer data. We maintain documented procedures, roles, and communication channels so that incidents are handled in a consistent, timely, and transparent manner. Where required, we notify customers of incidents that materially affect their data or service, in line with contractual and regulatory obligations.
Business Continuity Policy
Our Business Continuity Policy ensures that essential Cetbix services remain available or can be recovered within defined timeframes after disruptions, such as infrastructure failures or cyber incidents. The policy includes backup requirements, disaster‑recovery plans, and testing procedures, allowing us to maintain service availability and data integrity for our customers.
Privacy Policy
Cetbix’s Privacy Policy explains how we collect, use, store, and protect personal data when you use our products and services. As a data processor, we are committed to GDPR‑compliant processing and provide clear information about your rights as a data subject, data‑retention periods, and how to exercise your rights. Our privacy‑by‑design approach ensures that data‑protection considerations are embedded into product design and operations.
Vulnerability Disclosure Policy
The Vulnerability Disclosure Policy describes how security researchers and customers can responsibly report potential security issues in Cetbix products and services. We encourage coordinated disclosure and provide clear channels and expectations for reporting vulnerabilities, including response timelines and the handling of findings. We do not pursue legal action against good‑faith security researchers who follow this policy.