Our centralized resource for up-to-date security documentation, certifications, and compliance information. We believe transparency is a core part of trust, which is why we provide direct access (NDA required) to key materials that demonstrate our security posture and ongoing commitment to protecting customer data.
As an EU-based company, we are committed to upholding the principles of the GDPR and global privacy regulations in everything we do. Our services are designed with privacy by design and by default, and we offer Data Processing Agreements (DPAs) to ensure our customers can meet their compliance requirements. For more details, please visit our Privacy Policy.
Neptune is ISO 27001:2022 certified. The Information Security Management System includes policies and procedures designed to systematically protect company information and assets based on their criticality and sensitivity, minimizing risks to acceptable levels. These policies are accessible to all employees, reviewed annually, and cover governance, risk management, human resources security, system and facility security, operations, incident management, business continuity, privacy, monitoring, and security testing.
Yes, Neptune Software has established privacy and security policies and procedures to ensure compliance with GDPR regulations. We utilize Data Processing Agreements (DPAs) that enable customers to use our services in accordance with GDPR requirements. For more information, please refer to our Privacy Policy at https://www.neptune-software.com/privacy-policy.
Yes, the Information Security team is accountable for governance, risk management, compliance, serving as the second line of defence, overseeing the Management System, and managing the overall security and business continuity program.
Neptune Software has a well-established incident response capability that allows it to address incidents in a structured and systematic manner. It follows a rigorous incident management policy and procedures for events that may impact the confidentiality, integrity, or availability of systems or data, or that may constitute a breach of company policies and controls. Incidents are classified according to their severity and impact on customers and business operations.
The personal information we collect is stored and/or processed in Norway, or where we or our partners, affiliates, and third-party providers maintain facilities.
Encryption plays a critical role in Neptune Software’s security strategy, following best practices for both data in transit and at rest. For data in transit, we utilize TLS 1.2 or TLS 1.3 protocols. Data at rest is protected with AES-256 encryption.
Access to company information and systems is granted only as necessary to perform assigned job responsibilities. Neptune Software follows the principles of least privilege and need-to-know, along with segregation of duties, as key security measures. Resources are further protected through multi-factor authentication (MFA). Access is revoked on an employee's last day of employment, and periodic access reviews are conducted.
Yes, conformity with security standards and policies is regularly assessed through internal and external audits as part of our ISO 27001 certification. Authorized external parties conduct penetration tests at least once a year to evaluate the security of our product.
To report a security vulnerability, you can contact us through https://www.neptune-software.com/contact-us.
Neptune Software assesses new third parties to ensure they adhere to its security, privacy, and business continuity standards and best practices. Formal agreements are established, outlining responsibilities, information security incident management procedures, communication channels, and designated contacts for security and privacy matters (including incidents). Neptune Software also performs ongoing due diligence based on the third-party risk level to verify that their commitment to information security, privacy, and business continuity remains strong over time. This evaluation may include reviewing audit reports, certifications (such as SOC2 and ISO), surveys, penetration testing results, and other relevant documentation.
Neptune Software has a Business Continuity Policy and a Business Continuity Plan in place for critical business functions, supported by a comprehensive business impact analysis and risk evaluation.