Monitor Trust Center

All the information you need on security, compliance and privacy

Find the information you need on security, compliance and privacy

Privacy

Understand how Monitor protects and respects individuals’ privacy, and read about our principles and approach in this area.
Privacy

Report a security incident

Inform the Monitor Security Response Team about a security issue by completing and submitting the form.
Visit the Monitor Support Portal

Security governance and compliance

Web Big Governance

Security governance

Security governance is a critical part of our strategy. We implement an Information Security Management System based on the International Organization for Standardization (ISO) 27001 standard, and with additional guidance from other industry standard organizations such as the U.S. National Institute of Standards and Technology (NIST). To protect customer data, Monitor uses a risk-based methodology that supports planning, mitigation, and countermeasures.
Web Big Lock

Physical security

Protecting physical assets is crucial to protecting customer data. Monitor operates its own data center in Hudiksvall, Sweden. The physical security program is based on guidance and best practices from The Swedish Civil Contingencies Agency (MSB), and encompasses structural design, redundancy, strict access control and video surveillance. All equipment, such as power systems, cooling systems and communication systems have redundancy in order to guarantee uninterrupted operations, and the whole data center is mirrored to a different physical center.
Web Big Company

Business resilience

Resiliency allows Monitor to adapt to threats against the interests of stakeholders, its reputation, critical operations, and more. To do this, we implement redundancy and business continuity management into our systems to help us to respond to threats. All data is protected by a backup scheme, and has a recovery plan. Monitor performs yearly continuity exercises to test, verify and improve plans.
Web Big Id

Audit and compliance

We audit our Information Security Management System both internally and externally, and uphold and maintain an ISO 27001 Certificate. Click on the icon above to view certificate.
Web Big Secure

Cyber defense

We monitor and issue alerts in relation to suspicious activity and vulnerabilities, and conduct routine scans of external-facing web infrastructure and third-party penetration tests to evaluate system security.
Web Big Checkup

Security vetting

All personnel involved in IT-operations relating to Monitor Cloud are required to pass a security screening process which includes a criminal records check.

Shared responsibility model

Security and compliance is a shared responsibility between Monitor and the customer. This shared model can help relieve the customer’s operational burden, since Monitor operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. The customer assumes responsibility and management of the customer domain, and Monitor of the Monitor domain, as shown below:

Customer

Responsibility for security operation of customer domain

  • Monitor G5 identity and access management
  • Monitor G5 customer data
  • Security operation customer domain
  • Network traffic protection (VPN customer side)

Monitor

Responsibility for security operation of Monitor domain

  • Network traffic protection (VPN Monitor side)

  • Monitor G5 maintaince (patch/update/backup)

  • Security operation Monitor domain

  • Operating system

  • Compute | Storage | Database | Networking
  • Data center

Frequently asked questions

Here we've compiled some of the most commonly asked questions in this area.

Is there a backup plan offered as standard with Monitor Cloud?

Monitor Cloud creates backup copies of the customer’s data on a daily basis. The customer and Monitor Cloud shall agree regarding backup copies, and the frequency with which they take place. Up to fourteen (14) backup copies and backup performed up to four (4) times a day are included in the Cloud Service Fee, although the Parties may agree a higher rate for a specific fee.

Does Monitor ERP support MFA (Multi-Factor Authentication)?

Yes: MFA requires the user to identify with an additional authentication factor – here there is a one-time code generated by an authentication app, in addition to the user password. This extra protection makes it harder for unauthorized individuals/attackers to gain access to the user’s user account. This helps protect confidential or sensitive information and prevent unauthorized access.

Does Monitor Cloud offer patch management?

The customer and Monitor Cloud shall agree upon how often, at what time of day, and how long following a new release of Monitor ERP the installation in Monitor Cloud will be carried out. Monitor Cloud ensures that only supported versions are used, and updates are carried out as soon as critical vulnerabilities are identified. Monitor Cloud monitors for security updates on all products in the Cloud environment.

Does Monitor Cloud have a physical security policy?

Yes, physical security at our office includes access control based on personal access cards, 24/7 CCTV monitoring and alarm systems.

The Monitor Cloud data center has high demands regarding physical protection and redundancy. This includes:

  • Fully redundant cooling systems with different cooling sources.
  • Double high voltage electricity transmission and distribution systems.
  • Backup power with dual UPSs on separate groups.
  • Diesel power as backup power for at least 5 days.
I have more questions on Security, Compliance, Privacy & Resiliency, who do I contact?

For more information relating to Monitor Cloud, we encourage you to reach out and get in touch with us here, and we'll be get back to you as soon as we can.

Inf SEC Large