Legal

Security

Lobyco is committed to maintaining the highest standards of information security and data protection. We protect customer and end-user data through a robust combination of technical, organizational, and procedural controls, aligned with international best practices and applicable data protection regulations.

Resilience Overview
Service Level Agreement
Governance
Data Processing Agreement
Security
Privacy policy

Cloud Infrastructure and Hosting

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available. Key attributes include:

  • Redundant architecture providing high availability and fault tolerance.
  • 24/7 monitoring of infrastructure health, performance, and security.
  • Physical and environmental controls managed by Microsoft’s certified data center operations.
  • The Customer may cvhoose a multi-region deployment option supporting geographic separation and recovery.

Data Protection

Lobyco applies rigorous security measures to protect personal and confidential data throughout its lifecycle:

  • Encryption in transit: All data transmissions use industry standard encryption.
  • Encryption at rest: All stored data is encrypted using high industry standard encryption.
  • Privacy: Data is processed in accordance with GDPR, and other relevant data protection laws. Data retention and deletion follow contractual requirements and regulatory obligations.

Identity and Access Management

Access to Lobyco systems and data is tightly controlled and continuously monitored.
All identity and authentication mechanisms are centralized through Microsoft Entra ID, ensuring consistency and auditability. These measures ensure that data can only be accessed by authenticated and authorized users in a secure and controlled manner. Core principles include:

  • Access to data is managed by role-based access control (RBAC), and multi-factor authentication (MFA) is enforced.
  • Least privilege principle: Access is limited strictly to authorized personnel with a business need.
  • Periodic review: Access rights are reviewed regularly and revoked when no longer required.
  • Comprehensive audit logging: All privileged and administrative activities are logged, monitored, and available for audit.

Security Incident Management

Lobyco maintains a formal Security Incident Management process designed to ensure prompt detection, investigation, and remediation of security incidents. This structured approach minimizes impact and ensures transparent communication throughout the incident lifecycle. Key procedures include:

  • Continuous Monitoring: Systems are monitored for anomalies and potential security events.
  • Defined Response Process: Documented procedures outline how incidents are triaged, contained, and resolved.
  • Notification obligations: In the event of a confirmed personal data breach, customers are notified without undue delay, in accordance with legal and contractual requirements.

Vulnerability Management

Lobyco employs a proactive, risk-based Vulnerability Management Program to identify and mitigate potential threats across systems and applications. This approach ensures timely remediation and continuous strengthening of Lobyco’s security posture. Program highlights:

  • Regular vulnerability scanning and continuous monitoring of production systems.
  • Prioritized remediation based on severity, exploitability, and potential business impact.
  • Patch management processes aligned with recognized industry frameworks
  • Periodic penetration testing performed by independent security specialists.

Governance and Continuous Improvement

Lobyco’s information security management framework provides consistent oversight, accountability, and improvement. This governance model ensures that security remains an integral, evolving component of Lobyco’s operations.

  • Independent assurance: Controls are reviewed and validated through ISAE 3000 assurance.
  • Cloud Compliance: Lobyco leverages Azure’s global certifications including ISO 27001, SOC 1/2 Type II, ISAE 3402, and CSA STAR.
  • Employee awareness and training: All staff complete information security and privacy training.
  • Ongoing Improvement: Security controls are continuously reviewed to address emerging threats, regulatory changes, and audit findings.

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available. Key attributes include:

  • Redundant architecture providing high availability and fault tolerance.
  • 24/7 monitoring of infrastructure health, performance, and security.
  • Physical and environmental controls managed by Microsoft’s certified data center operations.
  • The Customer may cvhoose a multi-region deployment option supporting geographic separation and recovery.

Lobyco applies rigorous security measures to protect personal and confidential data throughout its lifecycle:

  • Encryption in transit: All data transmissions use industry standard encryption.
  • Encryption at rest: All stored data is encrypted using high industry standard encryption.
  • Privacy: Data is processed in accordance with GDPR, and other relevant data protection laws. Data retention and deletion follow contractual requirements and regulatory obligations.

Access to Lobyco systems and data is tightly controlled and continuously monitored.
All identity and authentication mechanisms are centralized through Microsoft Entra ID, ensuring consistency and auditability. These measures ensure that data can only be accessed by authenticated and authorized users in a secure and controlled manner. Core principles include:

  • Access to data is managed by role-based access control (RBAC), and multi-factor authentication (MFA) is enforced.
  • Least privilege principle: Access is limited strictly to authorized personnel with a business need.
  • Periodic review: Access rights are reviewed regularly and revoked when no longer required.
  • Comprehensive audit logging: All privileged and administrative activities are logged, monitored, and available for audit.

Lobyco maintains a formal Security Incident Management process designed to ensure prompt detection, investigation, and remediation of security incidents. This structured approach minimizes impact and ensures transparent communication throughout the incident lifecycle. Key procedures include:

  • Continuous Monitoring: Systems are monitored for anomalies and potential security events.
  • Defined Response Process: Documented procedures outline how incidents are triaged, contained, and resolved.
  • Notification obligations: In the event of a confirmed personal data breach, customers are notified without undue delay, in accordance with legal and contractual requirements.

Lobyco employs a proactive, risk-based Vulnerability Management Program to identify and mitigate potential threats across systems and applications. This approach ensures timely remediation and continuous strengthening of Lobyco’s security posture. Program highlights:

  • Regular vulnerability scanning and continuous monitoring of production systems.
  • Prioritized remediation based on severity, exploitability, and potential business impact.
  • Patch management processes aligned with recognized industry frameworks
  • Periodic penetration testing performed by independent security specialists.

Lobyco’s information security management framework provides consistent oversight, accountability, and improvement. This governance model ensures that security remains an integral, evolving component of Lobyco’s operations.

  • Independent assurance: Controls are reviewed and validated through ISAE 3000 assurance.
  • Cloud Compliance: Lobyco leverages Azure’s global certifications including ISO 27001, SOC 1/2 Type II, ISAE 3402, and CSA STAR.
  • Employee awareness and training: All staff complete information security and privacy training.
  • Ongoing Improvement: Security controls are continuously reviewed to address emerging threats, regulatory changes, and audit findings.

Table of Contents

Example H2
Example H3
Example H4
Example H5
Example H6
This is also a heading that is long to test if these are wrapping
This is a heading

Cloud Infrastructure and Hosting

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available. Key attributes include:

  • Redundant architecture providing high availability and fault tolerance.
  • 24/7 monitoring of infrastructure health, performance, and security.
  • Physical and environmental controls managed by Microsoft’s certified data center operations.
  • The Customer may cvhoose a multi-region deployment option supporting geographic separation and recovery.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Data Protection

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Lobyco applies rigorous security measures to protect personal and confidential data throughout its lifecycle:

  • Encryption in transit: All data transmissions use industry standard encryption.
  • Encryption at rest: All stored data is encrypted using high industry standard encryption.
  • Privacy: Data is processed in accordance with GDPR, and other relevant data protection laws. Data retention and deletion follow contractual requirements and regulatory obligations.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Identity and Access Management

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Access to Lobyco systems and data is tightly controlled and continuously monitored.
All identity and authentication mechanisms are centralized through Microsoft Entra ID, ensuring consistency and auditability. These measures ensure that data can only be accessed by authenticated and authorized users in a secure and controlled manner. Core principles include:

  • Access to data is managed by role-based access control (RBAC), and multi-factor authentication (MFA) is enforced.
  • Least privilege principle: Access is limited strictly to authorized personnel with a business need.
  • Periodic review: Access rights are reviewed regularly and revoked when no longer required.
  • Comprehensive audit logging: All privileged and administrative activities are logged, monitored, and available for audit.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Security Incident Management

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Lobyco maintains a formal Security Incident Management process designed to ensure prompt detection, investigation, and remediation of security incidents. This structured approach minimizes impact and ensures transparent communication throughout the incident lifecycle. Key procedures include:

  • Continuous Monitoring: Systems are monitored for anomalies and potential security events.
  • Defined Response Process: Documented procedures outline how incidents are triaged, contained, and resolved.
  • Notification obligations: In the event of a confirmed personal data breach, customers are notified without undue delay, in accordance with legal and contractual requirements.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Vulnerability Management

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Lobyco employs a proactive, risk-based Vulnerability Management Program to identify and mitigate potential threats across systems and applications. This approach ensures timely remediation and continuous strengthening of Lobyco’s security posture. Program highlights:

  • Regular vulnerability scanning and continuous monitoring of production systems.
  • Prioritized remediation based on severity, exploitability, and potential business impact.
  • Patch management processes aligned with recognized industry frameworks
  • Periodic penetration testing performed by independent security specialists.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Governance and Continuous Improvement

Lobyco’s platform is delivered on the Microsoft Azure Cloud, ensuring a secure, resilient, and scalable environment for all services. This cloud foundation ensures that customer data and applications remain secure, reliable, and continuously available.

Lobyco’s information security management framework provides consistent oversight, accountability, and improvement. This governance model ensures that security remains an integral, evolving component of Lobyco’s operations.

  • Independent assurance: Controls are reviewed and validated through ISAE 3000 assurance.
  • Cloud Compliance: Lobyco leverages Azure’s global certifications including ISO 27001, SOC 1/2 Type II, ISAE 3402, and CSA STAR.
  • Employee awareness and training: All staff complete information security and privacy training.
  • Ongoing Improvement: Security controls are continuously reviewed to address emerging threats, regulatory changes, and audit findings.

Redundant architecture providing high availability and fault tolerance.

Multi-region deployment options supporting geographic separation and recovery.

24/7 monitoring of infrastructure health, performance, and security.

Physical and environmental controls managed by Microsoft’s certified data center operations.

Enterprise-grade infrastructure

Lobyco’s security framework combines the strength of Microsoft Azure’s enterprise-grade infrastructure with independently verified internal controls under ISAE 3000 assurance.Our approach ensures that customer data is protected through every phase of processing - delivering a platform that is secure, compliant, and resilient by design.