Choose language

Information security

Minimise governance risks with industry-leading security

Learn how Admincontrol protects your data with rigorous security policies, industry best practices, and internationally recognised certifications.

See certifications
  • Hydro
  • OBOSlogo_liggende-1-300x137
  • logo-oaklins.5e292db48623
  • hg-new
  • DLA-piper-logo-140
  • logo-1
AdminControl-60

A strategic commitment to protect your data

We follow a structured, proactive approach to information security across all functions and layers, supported by an ISO 27001 certified Information Security Management System (ISMS).

Key elements of our strategy include:

  • Security training and awareness programs for all employees
  • Compliance with leading security frameworks and standards
  • Building trust through transparency
  • Regular independent audits and security testing

Certifications & compliance

We are proud to hold the most recognised certifications in information security, reflecting our dedication to safeguarding your data. Our entire business, business processes and SaaS solutions are certified for ISO27001:2022

ISO27001:2022 certification

ISO27001:2022 certified

Certified by Det Norske Veritas (DNV), a globally recognised authority, ISO27001:2022 attests to our strong information security practices and provides our customers with confidence in our ability to manage data securely and responsibly.

The certification covers our entire business, processes, and products, ensuring that we meet the highest standards for information security.

SOC 2 Type II icon

SOC 2 Type II

Our SOC 2 Type II report, verified by Deloitte Norway, demonstrates our commitment to rigorous security controls and transparency.

Admincontrol's SOC 2 Type II Report covers the AICPA’s "Trust Services Principles and Criteria" for secure data processing and storage, and provides independent assurance that your data is handled with the highest standards of protection.

Demonstrating proficiency across these criteria is an attestation to the following security principles:

Security: the system is protected against unauthorised access, both physical and logical
Availability: the system is available for operation and use as committed or agreed
Confidentiality: information designated as confidential is protected as committed or agreed

Cyber essentials plus certification

Cyber essentials plus

The Cyber Essentials Plus certification demonstrates that we have implemented the security measures set by the UK’s National Cyber Security Centre to protect against common online threats.

Cyber Essentials Plus involves a more rigorous assessment process than the basic Cyber Essentials and includes an independent external audit

HM-Gov-G-Cloud-Supplier-e1667837094627

G-cloud 14

Admincontrol is certified by the Crown Commercial Service (CCS) as part of its Digital Marketplace, enabling UK public-sector bodies to procure IT products and services through a faster, more streamlined process. This certification covers both Admincontrol's board management solution and virtual data room services.

Layer_1

General data protection regulation

We have implemented all necessary measures to ensure compliance with GDPR, both when acting as a Data Controller responsible for collecting personal data and as a Data Processor handling data on behalf of our customers.

Get in touch for more information or questions:

Send an email

Multi-layered security protocols for complete protection

Admincontrol's platform integrates advanced security technologies to protect your data at every level.

Authentication & access control

Two-factor authentication

  • Secure logins via SMS-based OTP or Authenticator App

eID authentication

  • Strong identity verification for Nordic users
    • Norwegian BankID
    • Swedish BankID
    • Danish MitID
    • Finnish BankID (Finnish Trust Network)

Role-based access control (RBAC)

  • Permissions aligned with user roles for strict access management

Encryption & data security

Encryption in transit

  • All communication is TLS-encrypted (HTTPS with EV SSL)

Encryption at rest

  • AES-256 encryption, with customer-specific encryption keys stored securely

Secure storage & disposal

  • Dedicated, controlled infrastructure; certified media disposal
 

Insider risk & employee security

Background checks & screening

  • Comprehensive vetting before employment

Administrative privilege control

  • Only pre-approved, security-cleared personnel have system-wide access

Confidentiality agreements

  • All employees sign binding agreements on data security and privacy

Data integrity & backup protection

Checksum validation:

  • Ensures file integrity throughout storage and transmission

Multi-level backup strategy

  • Daily full backups stored in secondary data centres
  • Weekly incremental backups for optimised recovery
  • Hourly transaction log backups for continuous data integrity

 

High availability & business continuity

Geo-redundant data centres

  • Admincontrol operates across multiple secure geographically distributed locations

Infrastructure redundancy

  • Every system is designed for high availability with failover mechanisms

Disaster recovery & business continuity plans

  • Regularly tested to ensure rapid response and resilience

Risk & incident management

Proactive risk assessments

  • Regular evaluations to identify and mitigate security risks

Incident response framework

  • Documented procedures for swift resolution and prevention

Vendor and subcontractor compliance

  • All vendors go through an initial assessment and are re-assessed as needed according to Admincontrol’s security policy.
  • The level of assessment and frequency depends on the importance of the vendor.
  • Many of our subcontractors are ISO27001 certified

Continuous security improvement

We believe that security is an ongoing process, not a one-time achievement. We invest in:

Security testing & audits

  • Regular penetration tests aligned with OWASP Top 10

Security awareness training

  • Mandatory training for all employees

Continuous monitoring & threat prevention

  • 24/7 monitoring to detect and mitigate threats 

Hear from our customer

Geomatikk's vision is to provide society uninterrupted access to critical infrastructure, so security is very much ingrained in our DNA. Knowing we have a board portal provider which has equally high standards on this aspect is reassuring. Furthermore, customer support is available 24/7 should there be any issues we need help with. We can confidently recommend Admincontrol to others.

Knowing we have a provider which has equally high security standards is reassuring.

Geir Hansen

Group CEO at Geomatikk