Security at PROCESIO

ISO/IEC 27001:2022

Information Security Management

I-6177/25

Valid until 28.10.2026

ISO 9001:2015

Quality Management System

Q-6177/24

Valid until 01.09.2027

ISO/IEC 20000-1:2018

IT Service Management

S-6177/25

Valid until 21.12.2028

ISO 37001:2016

Anti-Bribery Management

AB-6177/25

Valid until 28.02.2027

CASA Tier 2

Cloud Application Security Assessment

Lab Tested — ESOF Cyber Score 9.7 / 10.0

Revalidated 15.10.2025

Data stays in the EU

All customer data is processed and stored exclusively in Romania (EU). No data is transferred outside the European Economic Area.

Encryption in transit & at rest

All data in transit is protected with TLS 1.2. All data at rest is encrypted with AES-256.

Penetration testing

Independent penetration test conducted by Zerotak Security in October 2025. All findings have been remediated. Tests are performed twice per year.

Access control

Two-factor authentication (2FA) mandatory for all staff. SSO via Azure AD. Role-based access control (RBAC). Privileged access governed by Azure AD and Keycloak.

Business continuity

RTO: between 4 hours and 1 business day. RPO: between 4 hours and 8 hours. Nightly full backups with 7-day retention. Documented BCP and DRP.

Vulnerability disclosure

Responsible disclosure: security@procesio.com. We acknowledge within 5 days, assess within 15 days, and target 90-day coordinated disclosure.