Security & Compliance

Enterprise-grade security. Independently certified.

Inteeka holds ISO 27001, ISO 9001, and ISO 14001 certifications. All data is hosted in the EU, encrypted at rest and in transit, and processed in full compliance with GDPR.

Certifications

Independently audited and certified

ISO/IEC 27001:2022

Information Security Management

Our information security management system (ISMS) is independently audited and certified. This covers all aspects of data handling, access control, incident response, and risk management.

ISO 9001:2015

Quality Management

Our quality management system ensures consistent delivery of services that meet customer and regulatory requirements. Processes are documented, measured, and continuously improved.

ISO 14001:2015

Environmental Management

Our environmental management system demonstrates our commitment to reducing environmental impact. This includes energy efficiency in our data centres and sustainable business practices.

Security Controls

How we protect your data

Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database connections use encrypted tunnels. Backup data is encrypted with separate keys.

Access Control

Role-based access control (RBAC) with granular permissions. SSO via SAML 2.0 and OAuth 2.0. Multi-factor authentication available for all accounts. SCIM provisioning for Enterprise plans.

Infrastructure

Hosted in Frankfurt, Germany (EU) with Tier III+ data centres. Redundant power, cooling, and network connectivity. Automated failover and disaster recovery procedures.

Network Security

Web Application Firewall (WAF) protection. DDoS mitigation. Rate limiting on all API endpoints. Content Security Policy headers enforced on all pages.

Audit & Monitoring

Comprehensive audit logging of all administrative actions. Real-time monitoring and alerting. Regular vulnerability scanning and annual penetration testing by independent third parties.

GDPR Compliance

Full compliance with GDPR (EU 2016/679). Data Processing Agreement (DPA) available on request. Data subject access requests supported. Right to erasure implemented across all modules.

Data Residency

Your data stays in the EU

All OSBase data is processed and stored in Frankfurt, Germany. Our infrastructure runs in Tier III+ certified data centres with redundant power, cooling, and network connectivity.

For organisations with strict data sovereignty requirements, we offer on-premise deployment on Enterprise plans. This gives you complete control over your infrastructure whilst retaining access to platform updates and support.

Our Data Processing Agreement (DPA) documents all sub-processors and data transfer mechanisms. Available on request for all customers.

Security FAQ

Security & compliance questions

Common questions from IT and procurement teams evaluating OSBase.

All OSBase data is hosted in Frankfurt, Germany (EU) in Tier III+ certified data centres. This ensures compliance with EU data residency requirements. On-premise deployment is available for Enterprise customers with strict data sovereignty requirements.

Yes. We conduct annual penetration tests performed by independent, CREST-certified third parties. Results and remediation reports are available to Enterprise customers under NDA.

Yes. Our standard DPA is available on request for all customers. It covers data processing terms, sub-processor lists, and data transfer mechanisms in compliance with GDPR.

We maintain a documented incident response procedure as part of our ISO 27001 ISMS. Customers are notified within 72 hours of any confirmed breach affecting their data, in compliance with GDPR Article 33.

We support SSO via SAML 2.0 and OAuth 2.0, integration with Active Directory, and SCIM-based user provisioning. Multi-factor authentication (MFA) is available for all accounts and can be enforced organisation-wide.

Automated daily backups with 30-day retention. Backups are encrypted and stored in a separate EU data centre. Point-in-time recovery is available. Backup restore procedures are tested quarterly.

Yes. Our business continuity and disaster recovery plans are documented, tested annually, and aligned with our ISO 27001 certification. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) details are available on request.

Enterprise customers may conduct their own security assessments subject to agreed terms. We provide completed security questionnaires (CAIQ, SIG, custom) and can facilitate technical due diligence calls with our security team.

Need more details for your security review?

Our team can provide completed security questionnaires, DPA documentation, and technical due diligence support.