Skip to content

Compliance and Security

Safespring's cloud services are built on a foundation of internationally recognized security and compliance standards, ensuring your data is protected and regulatory requirements are met.

Overview

In this chapter we outline the standards that Safespring uses to implement it's services.

Because we run a variety of services each with their own compliance and security implementations.

For that reason you can find a chapter 'Security and Compliance' in every service's documentation.

Our internal 'DevOps Guidelines' are the reference material for all our services. They set out the minimal guidelines for all our services.

FR2000 certified

Safespring is currently FR200 certified. FR2000 combines requirements from ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (work environment), ISO 27001 (information security), and systematic fire safety. This means customers benefit from a holistic approach where quality, security, sustainability, and safety are all managed within one framework. Customers can trust that products and services are delivered according to well-defined processes, minimizing risks of errors, delays, or inconsistencies. Continuous improvement is built into the system, ensuring ongoing enhancements in quality and efficiency.

ISO 27001 certification process

Safespring aims to achieve ISO 27001 certification for Information Security Management Systems, providing:

  • Systematic approach to managing sensitive information
  • Comprehensive security controls and risk management
  • Regular third-party audits and continuous improvement
  • Documented security policies and procedures

We're aiming to achieve ISO 27001 certification during 2025Q4-2026Q1.

GDPR Compliant

Our services fully comply with the General Data Protection Regulation (GDPR):

  • Data Sovereignty: All data stored in Nordic data centers (Norway and Sweden)
  • Privacy by Design: Built-in privacy protection across all services
  • Data Subject Rights: Support for access, rectification, erasure, and portability
  • No Third-Country Transfers: Data never leaves the EU/Nordic region