Over 100+ customers worldwide trust CatalystOne with their employee data, which isn't something we take lightly. We've implemented world-class security features so you can rest easy in the knowledge your data is safe and secure - always.

Your security is our business

Protecting our customers’ data is of paramount importance to CatalystOne. We have implemented robust technical and organisational security controls to ensure persistent data protection. This includes strict policies ensuring correct access, usage and transfer of employee data.


Your data is always safe during transfer because all communication with CatalystOne servers is encrypted using industry standard HTTPS over public networks.

Data centre and network security

CatalystOne servers are hosted within world-class data centres provided by Microsoft Azure, whose security level is supported by “more certifications than any other cloud provider” - SSAE-16, PCI DSS, or ISO 27001.
Click here for more information

Data backup

All databases are backed up daily and geo-replicated to two different locations in Europe. This allows us to quickly and easily redeploy any solution within 1 hour, with a point in time recovery of <5 seconds. Backup verification tests are performed quarterly, and disaster recovery verification tests yearly.

Access management

We offer seamless access controls for simple and secure access management, including options for authentication and single sign-on (SSO). We also support configurable MFA, password complexity and IP-block.

Our role-based access control model helps you manage which users have access to data and functionality, in full compliance with GDPR’s regulations regarding a clear and definite need to view personal data.

module background

100% GDPR compliant

Our HR software and IT-infrastructure is fully-compliant with all privacy and security requirements laid out by the European Union, including GDPR.

Our HR solutions come pre-packaged with features such as privacy by design, data deletion & portability, built-in personal data privacy, access directory, documentation, audits & reports, and change management and audit trails. All of which ensure our software does everything possible to keep you GDPR compliant.

Some of our security features

Here are a few of the security features that help hundreds of organisations worldwide trust us with their employee data:

Data center security and data access

  • Only CatalystOne employees based in the Nordics who have a specific need due to their remit have access to customer data.
  • Access to customer applications is assigned and monitored in the CatalystOne Cloud Management System, our internal access system where carefully managed permissions are assigned and revoked.

Application security and audit trail

  • All changes made to your system are stored in the database listing, including who implemented the change and when.
  • All logfiles on the server include login-information and change-trails.
  • This information is sent securely to Papertrail for analysis, with alerts sent to support when keywords are triggered.

Product security features

  • Single Sign-On (SSO) -  CatalystOne supports SAML 2.0, the de facto industry standard for implementing SSO-solutions, supporting both ADFS and AzureAD.

Compliance certifications

  • Each year, we undergo an external audit by information security experts.
  • CatalystOne is tested annually against the OWASP top 10 framework by Mnemonic.

IT security is a matter of trust

We understand that trust is not something you are entitled to - it is something you earn.

“All employees at CatalystOne receive security, privacy and compliance training as a part of their on-boarding, since we believe security is a part of everybody’s responsibility here.”

– Christian Holthe, VP Security, Support & Operations. CatalystOne Solutions

Microsoft Azure Partner

All CatalystOne data centres are housed in state-of-the-art secure locations across Europe. Our hosting partner is Microsoft Azure, which is ISO 27001 certified and a Level 1 PCI DSS service provider.

  • Data centres are monitored by CCTV cameras, and access to each centre is via key card only. All locations are patrolled by security staff
  • Data centres have been built to protect against natural disasters, and are equipped with backup power solutions
  • Redundant internet access using a different ISP is available
  • DDOS protection via Microsoft Azure
  • Encrypted backups are stored in offsite locations

Contact us for Security details

If you'd like to know more about how we keep our customers' data safe, please feel free to contact us.