CatalystOne is committed to safeguarding the data we are entrusted with by our customers, employees & other stakeholders.

Data Protection Programme

CatalystOne has an extensive Data Protection Programme.
The programme includes security policies and guidelines, procedures, risk management, maturity and monitoring,
incident handling, auditing, in addition to continuous information security awareness and training for our employees. 


CatalystOne has a Data Protection Officer (DPO)  who meets regularly with VP Security and Cloud Delivery and the Security Team.

All strategic decisions regarding data protection are governed by the CEO, VP Security and Cloud Delivery and the DPO, in order to ensure transparency and accountability.

Policies & Guidelines

Through our Information Security Policies and internal guidelines we ensure all employees are aware of how CatalystOne shall process our customers' personal data and also our internally owned personal data. These governing documents are approved by our VP Security and Cloud Delivery + external GDPR auditors.

Risk management, maturity & monitoring

CatalystOne is growing and constantly evolving. To ensure that we comply with applicable privacy and security legislation whilst also meeting our customers' trust and expectations, CatalystOne has implemented a risk assessment programme. Not only do we create, manage and monitor Privacy Impact Assessments following new modules/features, but we also run Risk Collection Workshops together with relevant stakeholders.  Firstly,  Privacy Impact Assessments give us insight into the actual risks related to the product. Secondly, Risk Collection Workshops allows the Security Team to work with various departments to identify possible risks. 

This assessment is a way of documenting status and mitigating risk. In short, it allows us to keep track of what kind of data is processed, how it is processed, in what manner it is protected and with whom it is shared. This helps us to implement measures to mitigate privacy risks and prevent incidents before they occur.

Security policies and technical controls are assessed continuously by the Security Team and Internal Auditor. In addition, all controls and processes are annually reviewed as part of the ISAE 3000 type 2 attestation. This includes security-specific areas such as encryption, firewall, access and  authorisation controls.  In addition, it deals with infection prevention, cross-site scripting, error handling, and deployment reviews.

CatalystOne is governed by a security and compliance regime that monitors, measures and flags risk. Risks are recorded in the Risk Register, mitigated and followed up by our Security Team. 

Incident handling

In the event of an incident, our Incident Response Team (IRT) initiates the incident response procedure. The team is specialised in handling security and privacy incidents. The IRT and DPO work together with the people responsible for the specific module and/or area of business. This enables CatalystOne to respond quickly and appropriately to incidents, mitigate risk, and ensure that customers receive timely and relevant information.


To gain and keep our customers' trust, transparency is key. Find up-to-date information about data centres and sub-processors for CatalystOne.

Name Type of service Data centre location
Microsoft Infrastructure services including databases and file storage Ireland/Netherlands
Mailjet Email notification Belgium/Germany
Signicat E-signature for documents Norway 
Talentech Applicant tracking system (Stand-alone system) Sweden
Teamtailor Applicant tracking system (Stand-alone system) Ireland
Sinch SMS notification service Ireland/Netherlands


Get notified when we update the list of

Contact us for security details

If you'd like to know more about how we keep our customers' data safe, please feel free to contact us.