Security governance and ISMS
Cetbix operates an Information Security Management System (ISMS) that applies consistent security and compliance controls across all Cetbix products and services. This ISMS is aligned with international standards such as ISO 27001 and is designed to protect the confidentiality, integrity, and availability of your data. Security governance is overseen by Cetbix leadership, with clear roles, documented policies, and regular reviews to ensure we meet evolving security and regulatory requirements.
Risk management process
We use a structured risk management process to identify and manage information security risks across the Cetbix platform. Risks are assessed for likelihood and impact, and treatments—such as technical controls, process changes, or compensating measures—are documented and tracked. This process helps us focus on the most critical risks and ensures that your data and our services are protected in line with best‑practice frameworks.
Access control and least privilege
Access to Cetbix systems and data is granted on a least‑privilege basis: users and internal staff get only the permissions they need to perform their roles. Customer data is logically separated, and strong authentication methods, including multi‑factor authentication (MFA) for privileged accounts, are enforced. Access is regularly reviewed and logged, so we can detect and respond to unusual activity quickly.
Encryption (in transit and at rest)
Cetbix protects your data with strong encryption both in transit and at rest. All traffic between you and our platform is encrypted using TLS (Transport Layer Security). Sensitive data stored in our systems is encrypted at rest using industry‑standard algorithms and key‑management practices. Encryption keys are securely managed, and decryption is limited to authorised systems and personnel with appropriate access rights.
Secure development lifecycle
Security is built into our secure development lifecycle for all Cetbix products. We consider security and privacy during design, use code analysis and testing tools, and review code for security issues before deployment. Security‑related findings are tracked and remediated before release, so that new features and updates are delivered with robust protections for your data.
Vulnerability management
We run a proactive vulnerability management programme that continuously scans our infrastructure, applications, and dependencies for known vulnerabilities. Identified issues are prioritised based on severity and potential impact, and remediation is tracked until resolved. Critical patches and configuration updates are applied promptly, and we inform customers where issues may materially affect their use of Cetbix services.
Incident response
Cetbix has an incident response plan in place to detect, contain, investigate, and recover from security incidents affecting our platform or products. The plan defines clear roles, escalation paths, and communication procedures. Incidents are logged, analysed, and used to improve our controls and prevent future occurrences. If an incident materially affects your data or service, we will notify you in line with contractual obligations and applicable regulations.
Backup and disaster recovery
To protect the availability and integrity of your data, Cetbix implements regular backups and disaster‑recovery measures. Critical data is backed up frequently, encrypted, and stored securely, and restore procedures are tested periodically. Disaster‑recovery plans outline recovery time and recovery point objectives (RTO/RPO) so we can restore services as quickly as possible after disruptions.
Employee security training
All Cetbix employees and relevant contractors receive mandatory security and privacy training. This includes secure coding practices, data‑handling responsibilities, phishing awareness, and how to report potential security issues. Training is refreshed regularly and updated to reflect new threats and regulatory changes, helping to maintain a security‑conscious culture across product, engineering, and customer‑facing teams.
Privacy and data protection
Cetbix is committed to protecting personal data and processing it lawfully, fairly, and transparently. We apply privacy-by-design principles across our products, collect only the data needed to deliver our services, and limit access to authorised personnel. Where required, we support data subject requests, retention controls, and contractual safeguards to help customers meet their privacy obligations.