CatalystOne is committed to safeguarding the data we are entrusted with by our customers, employees & other stakeholders.

Data Protection Programme

CatalystOne has an extensive Data Protection Programme.
The programme includes security policies and guidelines, procedures, risk management, maturity and monitoring,
incident handling, auditing, in addition to continuous information security awareness and training for our employees. 


CatalystOne has a Data Protection Officer (DPO) who meets regularly with the VP Security and Cloud Delivery and the Security Team.

All strategic decisions regarding data protection are governed by the CEO, VP Security and Cloud Delivery and the DPO, in order to ensure transparency and accountability.

Policies & Guidelines

Through our Information Security Policies and internal guidelines we ensure all employees are aware of how CatalystOne shall process our customers' personal data and also our internally owned personal data. These governing documents are approved by our VP Security and Cloud Delivery and external GDPR auditors.

Risk management, maturity & monitoring

CatalystOne is growing and constantly evolving. To ensure that we comply with applicable privacy and security legislation whilst also meeting our customers' trust and expectations, CatalystOne has implemented a risk assessment programme. Not only do we create, manage and monitor Privacy Impact Assessments following new modules/features, but we also run Risk Collection Workshops together with relevant stakeholders. Firstly, Privacy Impact Assessments give us insight into the actual risks related to the product. Secondly, Risk Collection Workshops allow the Security Team to work with various departments to identify possible risks.

This assessment is a way of documenting status and mitigating risk. In short, it allows us to keep track of what kind of data is processed, how it is processed, in what manner it is protected and with whom it is shared. This helps us to implement measures to mitigate privacy risks and prevent incidents before they occur.

Security policies and technical controls are assessed continuously by the Security Team and Internal Auditor. In addition, all controls and processes are reviewed annually as part of the ISAE 3000 type 2 attestation. This includes security-specific areas such as encryption, firewall, access and authorisation controls. In addition, it deals with infection prevention, cross-site scripting, error handling, and deployment reviews.

CatalystOne is governed by a security and compliance regime that monitors, measures and flags risk. Risks are recorded in the Risk Register, mitigated and followed up by our Security Team. 

Incident handling

In the event of an incident, our Incident Response Team (IRT) initiates the incident response procedure. The team is specialised in handling security and privacy incidents. The IRT and DPO work together with the people responsible for the specific module and/or area of business. This enables CatalystOne to respond quickly and appropriately to incidents, mitigate risk, and ensure that customers receive timely and relevant information.


To gain and keep our customers' trust, transparency is key. Find up-to-date information about data centres and sub-processors for CatalystOne.

Definition: These provide a technical solution to assist in the delivery of the CatalystOne application.

| Name of subprocessor | Type of Service | HQ | Data Center Location |
| --- | --- | --- | --- |
| Microsoft Azure | Infrastructure services including databases and file storage | US | Ireland/Netherlands |
| Signicat | E-signature for documents | Norway | Norway |
| Sinch | SMS and Email notification service | Sweden | Ireland/Netherlands + Belgium/Germany |


Definition: Professional services used to fulfill contractual obligations

| Name of subprocessor | Type of Service | Location |
| --- | --- | --- |
| Itera Norge AS | Consultancy | EU/EEA |
| Prasinum AB | Consultancy | Sweden |
| Roger Lif Consulting AB | Consultancy | Sweden |


Definition: These are optional, with possible integration with the CatalystOne application.

| Name of partner | Type of Service | HQ | Data Center Location |
| --- | --- | --- | --- |
| Populum | Employee Engagement | Sweden | Ireland/Netherlands |
| Talentech | Applicant tracking system | Norway | Sweden |
| Teamtailor | Applicant tracking system | Sweden | Ireland |
| EQS | WhistleBlowing | Germany | Frankfurt/Munich |
| Visma | Payroll | Norway | Norway |
| Arribatec | ERP Payroll (on premises) | Norway | N/A |
| TalentAdore | Applicant Tracking System | Finland | Ireland/Germany |
| Flex Applications International AS | Time Management Services | Sweden | Sweden |


